OMFG - We were hacked - ALL of our email

Addresses were removed from the account. WTF?????????????????????? And our access denied. THEN, ADS site seems to have been hacked as well. Don't know the details of the ADS hit, but will find out. David Swanson just called to tell me and I was busy telling him. Both hit, same day.

PEOPLE, this is an organized thing.

EDITED BY ADMIN: To clarify, the message refers to AfterDowningStreet.org. Democratic Underground was not hacked.

Business, political, or otherwise?

:hug: If they hit both of you then I wouldn't be surprised if it was an organized thing. Anyway to find out who these people were/are?

DO NOTHING WITH YOUR HARD DRIVES! WRITE NO MORE DATA!!!

HAVE THE MACHINES PHYSICALLY REMOVED FROM ANY NETWORK CONNECTIONS NOW!!!!!!

Edited to add: Your servers are now a crime scene. do nothing to contaminate it. Everything to dow with your machines are now evidence in a criminal investigation.

...get those systems OFF the network and contact the FBI immediately. Some forsenics and investigation need to be done by FBI and security experts.

And JOHN is in the ER with a high fever. WTF???? Someone went in, deleted several hundred email addresses, changed the codes and locked us out. And, the server was down twice today. Our tech guy is unreachable. That leaves it all up to me. What do I do? I cannot get into our email.

If so, SHUT IT DOWN! Then call the FBI.

compromises any forensic testing. Disconnect network cables and leave running as is. Contact a forensics security consultant and get procedue from them.

..

Backups of the email addresses deleted and whatever content changed that can be easily restored. It's all about where it's hosted too. The server needs to be disconnected from the internet. There needs to be a forensic examination of server and router logs to determine when the site was changed and by what computer or groups of computers on the net changed it. Everything leaves a trace somewhere. Change where it is hosted because clearly they are not secure. Eventually you'll be able to contact the techies and they will put it all back together. Then the crime will be investigated. I can understand that you are feeling panicky and violated right now. :hug:

Contact your hosting company too to make them maintain the logs of access.

even since I signed up for the DU activist core. I figure it has to be related

not the du

If you weren't a threat there would have been no action. Is it a sign that those in power want to live in lawless police state? Sure. But you already know that and you keep writing anyway. The little hacks can only set you back for the time it takes to technically fight them. They cannot ultimately silence you and that is where you are truly more powerful. Keep fighting.
:yourock:

listen to walt

:grr: :grr: :grr: :grr:

Who runs your servers?

Do you know what sort of servers they are?

I would like to see one of the admins comment on this to verify/debunk this before people panic

lala_rawraw, please define "WE". I know who ADS is but who is WE

Raw Story was hacked,. not Democraticunderground.

LALA works for Rawstory.

How do you figure it was hacked?

The sites might be working right now, but they are locked out from the servers to make any changes themselves. Their emails are deleted from the system as if they never existed.

Who ever did this now has control of the content of those sites as well. Be careful surfing them. You never know what kind of nasties they could have ready to download in the background to your system either.

Do you have root on the servers? If not, have you called the person who provides the hosting?

PDA is also dealing with the ADS damage.

:scared:

What was hacked?

If you guys outsource your email and hosting you should contact your ISP and ask if they keep logs on who connects to your resources. What you want is the IP addresses of any connections to the resources...

If you all keep your passwords written down, where they are stored is the most likely place that was used to get at them. A piece of paper in someones desk is always bad news.

Call the FBI!

address, is that addy now compromised?

NOT at all. No one was reading email it seems, just deleted accounts.

Edit: Lala said she deletes her email from the server, so maybe not, but you can't be too paranoid with this stuff.

If a server was hacked, you have to assume that ALL the info on that server was compromised since you have no idea what was done. Also you need to make sure any other servers that have a trusted relation with the hacked server weren't also compromised. The hackers could have copied all the data before deletion, planted keyloggers and/or trojans, left backdoors.... The possibilities are endless and you need to get some professionals in on this ASAP.

if you host your own site, that's nuts.

i guess you have to plan for this kind of thing every once in a while... backing up your data regularly is always key

good luck.

------------------------------------
the solar bus
ELECTION JUSTICE CENTER
your home for updated information on the fight for democracy in America
http://election.solarbus.org
------------------------------------

Is this the repukes or just some lone deviant with too much time on his hands.

Wow! Both Rawstory and After Downing Street hacked nearly simultaneously! That's kinda' scary.

And why these hackers couldn't go after a bank instead is beyond me...

And that they can't access their email or log in.

I am unaware if they can't log into their content management system, or their accounts through telnet/ssh. If its the latter, is serious. If its the former, its probably some random bullshit, such as a botched MySQL upgrade or something.

in the opening post.

This is a weekday. You should be able to get a hold of your host. They should be able to rectify the problem.

Now, if you're leasing an unmanaged server and your tech guy is out of pocket...yikes.

http://www1.schlund.de/index.php? for rawstory
and http://www.inch.com/ for afterdowningstreet. At least that's who the current DNS queries go.

edit: These lookups are often innacurate. For afterdowningstreet.org, their most local DNS server comes from a site called people-link.com, which may be down, as they seem to have no homepage. But who knows.

Could just be a windows thing.

It will blow your mind. Then you will know what happened!!!!!!!!!!!!!!!!!!!!1

best of luck fixing this mess. :(

checking there...

n/t

Please keep up the great work.

Very sorry to hear about your, and our, misfortune, and I hope that this resolves quickly and in a good way.

As is our story... I call all tampering of any sort "hacking" because I am an idiot and don't know tech lingo. How about "messed with"?

I hope everything is alright now.

*waiting on story later*

On the other hand, computers mess up all the time and maybe your email server had some technical difficulties?

Our entire email, each account, one by one, was removed.

There are all sorts of ways besides "hacking" to access sensitive information, such as that found in e-mails.

Ever hear of "social engineering"? Look it up - it's pretty enlightening.

At my company, someone got hold of our passwords and used in-house computers to read and forge e-mails! That way, people had a more difficult time tracing the forger, since the e-mails looked as if they were coming from in-house.

I just emailed you last night, too. Does this mean that if Rawstory was hacked, the hacker has access to its email list?

Hope all works out soon!

I hope you do not mind that I edited your post to make it clear that you were not referring to Democratic Underground.

Skinner
DU Admin

Without it, I had no idea who or what this was about.

And write a more calm thing? I went into insane mode because a lot was going on this morning.

first contact the webhost so they keep copies of all IP access to the sites & especially the control panel. These are often called raw access logs. That alone should tell you who accessed the control panel & deleted email addys as well as changed passwords etc. This is an attempted takeover of the site.

Contact the FBI and/or a forensic computer specialist...(any of those hanging out here who want to help?)

Unfortuntely, it would also be easy for them at this point to add malicious software to the sites so that anyone who goes in to read stories could be infected with some sort of nasty worm or something of that sort.

If you get control back soon, be sure to have someone check the code to make sure that nothing nasty was added.

Good luck, I'll check back to this thread tonite and see if you have updated any info here.

For the first time ever, I got a message that my ISP was refusing to accept and distribute three mass mailings to our state-level election reform group. Again, this has never happened before -- it's a totally new error message for me. Once I get back from town, I will call my ISP and ask WTF is going on.

the break-in at the Dem. Headquarters and stealing computers in Columbus Ohio? I only heard this story once. What ever happened?

Have two different things have happened. ADS's issue is going to be in an article soon (Brad Friedman I think said he was covering it). Our thing is being clarified as we speak. I have my email back on track now, back up that is and it only took all day.

No on the mailing list thing btw. People have been asking and I don't keep my address book online nor do I keep my emails on the server. It was a server side issue that this happened, not on my pooter. The email accounts were deleted, NOT the emails read, because there would have not been any to read as I delete all of my emails as soon as I get them or I move them to a folders on my own pooter. So everyone calm down, except for me, because I want to scream my brains out a bit more before I take a much needed nap.

what the fuck happened to counterpunch?! maybe this has been discussed and answered somewhere else, however, i think it stranger and stranger with time... coincidence theorists need not reply

Can be kicked... I don't want my rantings to be kicked much higher if that is okay. But explain because I have never heard what happened.

a casual reader there, wish i could explain. someone has the answer im sure. Hope everything turns out okay with your servers lala ! :evilfrown:

take that much needed nap, it'll really help.

Goto this link and you'll see email addresses of the admins that you can send to.
http://www.whois.sc/counterpunch.org

After doing a port scan, I found the ftp site at the address is active.

Our website dealing with Lyme Disease is hosted by a Canadian company recommended to me. They do not have outgoing email servers so I have to use my paid personal ISP netzero or my hotmail account.

I sent out a newsletter when the addresses were only three weeks old and all of the copies addressed to AOL addresses came back with an error message. There was a delay before a reply and they told me to call and asked some routine questions about the number of messages I sent (less than a million? yeah less than 50 and only 12 went to AOL addresses), they checked and said they saw no reason for the error and when they had me try it it was working but one person told me that AOL filters emails that have certain content including certain URL's and asked who I mentioned (only legitimate established Lyme groups) and that was the last I heard but all three email addresses two of which are not posted anywhere on the internet where "spoofed" to send out viruses over the next 6 weeks. I was told nobody could do anything about it and my only recourse was to change our addresses. You can see the problem if you want to have some way to have people contact you.

House of cards it seems.