Good Morning, PoliticusUSA; You’ve Been PWNed by TiGER-M@TE!

Sep 25 2011 Published by under Uncategorized

Good morning, PoliticusUSA; you’ve been PWNed by “TiGER-M@TE”!

I’m writing to you from a secure, non-disclosed location known as GOP Clown Show. Don’t ask, and I won’t tell.

This morning when I opened PoliticusUSA to share my colleagues’ morning stories, an ominous black page replaced my story from last night on Occupy Wall Street. This can’t be good, I thought. Then the page shrank down and began dancing all over my screen.

I chased it around for a few minutes, too sleepy to be alarmed.

Muttering under my breath (to say I am short tempered when it comes to technology is to put it mildly), I cursed the dancing box. I believe I may have called it the devil, but it’s all a blur now. I clicked and clicked and it ran and played.

Finally, I got it: “Server HackeD by TiGER-M@TE”


Good morning.

After just a few years as managing editor of PoliticusUSA, I’ve begun to accept the inevitability of trouble, so I’m not shocked or alarmed. There’s no transition period now between bad news and curiosity, not even a noticeable uptick in my breathing or heart rate. Every day another new form of humanity gone wild on the internet.

I’m curious — how can this be when we have the super duper security after that horrible Northern DDoS attack?

A quick trip to our server host tells us it’s not us, it’s them.

While this phrase offers little comfort at the end of a relationship, in the world of internet security, it is apparently quite the panacea for panic. These are words you want to hear on the internet.

Our host tells us, “InMotion Hosting
Security team members have traced this vulnerability to an authentication system and are working to patch this now.”

After talking to our internet security peeps, it turns out we weren’t actually hacked, but in fact we are among 700,000 sites impacted by an attack on our host. Yes, 700,000. The Data Center got hacked.

This is called a “PWN” hack. Yeah, InMotion got PWNed. OK. But I still love them. They’ve been worlds above our other hosts.

The good news is this is not a virus, it’s a defacement attack.

After numerous issues in the past, going back to the days when stories on a certain cold governor weren’t well received and a DDoS attack was launched against us, PoliticusUSA spends what little money it makes on security. If you want a real nightmare, try a DDoS attack that goes on for a week during which the host tells you they aren’t sure they can fix it. I won’t name that host but we are no longer with them. We are, however, still writing articles about people in power who do bad things.

Thanks to that attack (I can’t claim that Sarah Palin never did anything for me), we have an additional 3 layers of security for our site, but what good is that in an attack on your host? This attack, along with the recent vulnerabilities on Amazon Cloud Service, might be a good example of the suggestion that server side security and cloud computing still have their share of vulnerabilities. Hello, Reddit:-) I apologize to your readers for the dancing devil that greeted them this morning.

It’s been suggested that hackers do this sort of rather harmless defacement attack as a way to show off their skills in order to find work in the industry. They do have a working Hotmail account under their proud little hacking notice. And The Hacker News got this happy quote from the hackers, “I hack 700000 websites in one shot, this may be a new world Record. After submitting 200,000 domains,zone-h was going down again and again and became almost unresponsive in the i was unable to submit all i’ve listed all domains in attachment. It was not just a server hack, actually whole data center got hacked.”

We are in good company, check out the also-afflicted.

I should be pissed off, but I’m actually rather amused at the creativity of out of work hackers. I’m very sorry for the readers who were annoyed or frightened by the seemingly scary message, but in the larger picture, this was as good as it gets when it comes breaches in internet security. Nothing was permanently harmed and there is no virus.

Just some hackers showing off their mad skills, perhaps looking for work or just amusing themselves as they did when they defaced Google’s Bangladesh website. I might suggest to them that it’s a shame that they ruined my Occupy Wall Street story, which is about people who are also out of work due to the greed and corruption of our political system, and that perhaps the hackers could show solidarity with those folks by showing off in more effective ways, but I have learned that not everyone gives a crap about solidarity and truly, it wasn’t personal.

It wasn’t us, it was them.

Good morning, PoliticusUSA; you’ve been PWNed by “TiGER-M@TE”!

30 responses so far