Not long ago, I reported on the hacking incident at web service provider VAServ. The breach, which was attributed to vulnerabilities in LxLabs’ virtualization administration software, resulted in data loss for more than 100,000 customers and possibly one suicide at LxLabs. Now, it appears as though the breach was not caused by LxLabs’ software at all, but by frequent password reuse – if you believe the comments on “The Inquisitr” that were left by the actual hackers.
After “The Inquisitr” posted the story, an anonymous comment linked to a message presumably left by the hackers. The message denied they exploited vulnerabilities in LxLabs’ Kloxo software, “Z3r0 day in hypervm?? plz u give us too much credit,” and instead put the blame on Rus Foster, director of VAServ.com – “If you really really wanna know how you got wtfpwned bitch it was ur own stupidity and excessive passwd reuse.”
The hackers told Foster that repeated use of the same four passwords made it easy to infiltrate the VPS “thanks to ur mad passwds” – one of which they claim was “f0ster.”
Foster denies that poor password and configuration management led to the hack. He says the hacker comments must be made up since he “doesn’t recognize” any of the passwords revealed in the post.
The assumed hackers said their motive was boredom: “We got bored so we decided to initiate operation rmfication and hypervm was a great t00l to do that since it spared us the time of sshing into all ur 200 boxen just to issue rm -rf.”
Since the catastrophe that deleted the websites of thousands of small businesses, Foster has announced that VAServ is being taken over by a larger hosting provider known as BlueSquare. Customers who used managed accounts, however, would have their data recovered, since that service features an autosave backup.
The hacker message is vague enough that it could have been written by someone who is simply skilled in hacker parlance:
“BTW Rus we still have ur billing system wtfpwned and baqdoored we got ****load of CCz from ur retarded customers thanks a lot buddy. Telling you this cuz we got bored of this ****, it’s just too easy and monotonous so patch ur crap, if your too dumb to secure a simple web server my rate is $100/hour or one night with ur sister hauhaiahiaha.”