BreachExchange mailing list archives

Site that Shared Alleged FBI, DHS Data Shut Down


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 11 Feb 2016 19:14:04 -0700

http://www.govtech.com/security/Site-that-Shared-Alleged-FBI-DHS-Data-Shut-Down.html

Days after supposed FBI and Department of Homeland Security employee
information appeared online, the site hosting that data is down.

CryptoBin — a service that allows users to anonymously share text — is
currently accessible only through its numeric Internet protocol address.
That, along with other domain statuses that appear when requesting the
website’s information, suggests that the company that registered CryptoBin’s
domain name has made it more difficult to find.

The registrar, eNom, referred questions about the site to the owner of the
domain.

A phone number listed in CryptoBin’s site domain information was
disconnected. An e-mail sent to a support address associated with CryptoBin
was not returned.

The domain look-up did not reveal the name of the owner, though it did list
a P.O. box in Panama.

A Department of Justice spokesman, who previously confirmed that the agency
was investigating a possible breach of its systems, declined to comment
when asked if the agency had anything to do with the takedown.

When users navigate to a website, they type in an address, such as
www.google.com. In the background, a decentralized system of domain name
servers, known as DNS, connects those alphabetic names to numeric addresses.

In the case of CryptoBin.org, the alphabetic address is dead while the
numeric address — https://151.236.7.11 — has remained live.

Given the timing of the takedown, there are obvious guesses as to who might
be behind it, said Brian Martin, the director of vulnerability intelligence
at Risk Based Security in Richmond, Va.

“The most likely thing is that either (eNom) themselves or the feds said:
‘Yank their DNS, so people can’t easily get to that site,’” he said.

“That could be triage to help slow the leak of the information, but it
seems just as likely that the feds could get a takedown order.”

Martin added that if CryptoBin.org is hosted outside the U.S., as its
domain registration information suggests, that legal process could take
time.

On Monday morning, the cache of records was accessible to anyone who used
the password “lol.” The page hosting the data appeared to have been taken
down by Tuesday afternoon. On Wednesday morning, Risk Based Security.

“The department is looking into the unauthorized access of a system
operated by one of its components containing employee contact information,”
the Justice Department spokesman said in an e-mail Monday.

“This unauthorized access is still under investigation.”

Vice broke news of the supposed breach, but declined to identify the hacker
who claims to be behind it.

The Twitter account that initially published the location and password
associated with that information posted Tuesday: “Anyone got a good lawyer
?!?!?”

That was the account’s last tweet.

According to CryptoBin’s registry information, the domain was created in
April 2011 and last updated Tuesday. Similar to the more popular service
Pastebin, CryptoBin let users share text; its contents are protected by
passwords.

In the past, hackers have reportedly used the service to release similar
data.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
