
Tue Nov 15, 2016, 02:12 PM

About the hack

This is an updated version of a message that appeared on our homepage while the site was offline this weekend, which provides a good overview of the hack and our efforts to get the site back online.

The site was first attacked around 4:30PM ET on Tuesday afternoon. This was not a "typical" hack like a DDoS or an attempt to gain control of our web server. Instead, the hacker had found a vulnerability in our forum software.

The hacker exploited that vulnerability in what appeared to be a politically-motivated act of vandalism: A large number of posts were removed and replaced with the words "God Emperor" (a reference to Donald Trump), and a ridiculously over-the-top pro-Trump video was served automatically to all of our visitors. If you're curious you can watch the video on YouTube (WARNING: HATE CONTENT).

The DU Administrators were online at the time when the attack occurred, so we immediately shut down the site in order to block out the hacker and limit their ability to disrupt.

As you know Tuesday was election day, our most important day of the year, so our biggest concern at the time was getting the site back online quickly so our members would have access that evening. We collected some preliminary evidence indicating how the hacker had managed to disrupt the site, and based on that evidence we made what we believed were the necessary changes in order to remove the vandalism, secure the site, and bring it back online. (During that time we put up an admin-only login box to block out the hacker. If you entered your username and password into that box, you did not expose your information to the hacker.)

After a few hours we brought the site back up, but it quickly became apparent that we had not sufficiently scrubbed the site and some malicious code placed by the hacker got executed again. So we took the site offline a second time. Since we had already failed once to secure the site, we agreed it would be irresponsible to bring the site back online again until we were confident that we knew exactly what the hacker had done, and we believed the site was secure. At that point we knew we were not going to be back online for election night, and we suspected it might take days.

It took most of the day Wednesday to figure out exactly how the hacker had managed to disrupt the site, and what user information may have been vulnerable.

It is likely that the hacker had access to certain member information on an account-by-account basis: Usernames, email addresses, and IP addresses. There is no evidence that the hacker had access to our database or the full table of user information.

We believe that the hacker was not able to see your passwords -- not even in encrypted format. But even if the hacker was not able to see your passwords, they may have been able to over-write passwords for some accounts. Put another way: The hacker doesn't know what your password was, but the hacker might have changed it to something that they did know. That is why we are requiring all members to change their passwords now that the site is back online.

We can say for certain that donor data, such as credit card numbers or addresses, were not compromised because that information is handled by PayPal and never passes through to our servers.

As most of you know, we have three employees at Democratic Underground, and only one of us (Elad) is a real programmer who could do the complicated back-end coding to deal with the hack. If our goal was to simply plug the specific vulnerability exposed in the hack, the site would likely have been back online in a couple days. But because we know that there is a sufficiently motivated and skilled individual somewhere out there who has already vandalized our website, we did a much more comprehensive security review to identify similar vulnerabilities to the one exposed in the hack.

We would be remiss if we did not recognize the invaluable assistance which DU member Lithos has provided during this security review. We are very grateful for his help. Thank you, Lithos.

We have updated the site on two levels: Elad has been fixing some of the code in our forum software (with help from Lithos), and we have been working with our web host to implement a higher level of security on their end. Now that the site is back up, we are temporarily limiting access to the site to Star Members only. We are taking this precaution because we want to make sure that we are receiving only legitimate traffic during the next couple days while our new security software “learns” what is legitimate traffic to the site. This limited opening period should only last two or three days.

We know that this has been a long and frustrating process, and the timing could not have possibly been worse. Thank you again for your patience and understanding. And thank you for the tremendous outpouring of encouragement we have received from so many of you.

--The DU Administrators

32 replies, 10486 views

Replies to this discussion thread
Author Time Post
About the hack (Original post)
Skinner Nov 2016 OP
Eleanors38 Nov 2016 #1
Skinner Nov 2016 #3
yuiyoshida Nov 2016 #7
Travis_0004 Nov 2016 #27
babylonsister Nov 2016 #2
In_The_Wind Nov 2016 #4
jg10003 Nov 2016 #5
mopinko Nov 2016 #6
herding cats Nov 2016 #8
sheshe2 Nov 2016 #9
lillypaddle Nov 2016 #11
CTyankee Nov 2016 #19
steve2470 Nov 2016 #21
lastlib Nov 2016 #10
red dog 1 Nov 2016 #22
Sunlei Nov 2016 #12
friendly_iconoclast Nov 2016 #13
Initech Nov 2016 #14
Lithos Nov 2016 #15
Joe Bacon Nov 2016 #16
Initech Nov 2016 #17
grantcart Nov 2016 #18
steve2470 Nov 2016 #20
Mr.Bill Nov 2016 #23
groundloop Nov 2016 #24
Mr.Bill Nov 2016 #25
dubyadiprecession Nov 2016 #26
SCRUBDASHRUB Nov 2016 #28
Madam45for2923 Nov 2016 #29
napkinz Nov 2016 #30
Name removed Dec 2016 #31
Skinner Dec 2016 #32

Response to Skinner (Original post)

Tue Nov 15, 2016, 06:10 PM

1. Silly question, perhaps: What is the likelihood of nabbing these basement dwellers?

 



Response to Eleanors38 (Reply #1)

Tue Nov 15, 2016, 06:23 PM

3. Unlikely.

But we'll see what we can do.



Response to Skinner (Reply #3)

Tue Nov 15, 2016, 09:08 PM

7. It would be cool to post all the responses you had to

the question you posted, while DU was down. I think what many people had to say was really important and very impressive.



Response to Eleanors38 (Reply #1)

Tue Nov 22, 2016, 09:48 PM

27. It's very easy to hide your IP address

 

You can use something like TOR, and/or a VPN. DU admins can trace an IP address and might just find out that it was out of Hong Kong (just as an example). This doesn't mean that the user is in Hong Kong, he could be anywhere. You have to go to the last server he used (likely a VPN server).

You could ask the VPN to hand over the IP address, but this has problems:

The VPN operator won't give it to you.
The VPN operator CAN'T give it to you (it's encrypted, and they can't open it)
The log never existed at all, or at least doesn't exist in a usable form (yeah, here is the list of the 6,000 active users on our service when you were hacked)

Even if the IP log was sitting on the CEO's desk, his business is to keep things like that private. He isn't giving it up. And the Hong Kong courts don't care (they wouldn't give up Edwin Snowden, they are not going to comply with a court order from the US). And remember, what you are trying to get very very likely doesn't exist.



Response to Skinner (Original post)

Tue Nov 15, 2016, 06:22 PM

2. Yes, I hope you found someone to prosecute. nt



Response to Skinner (Original post)

Tue Nov 15, 2016, 06:45 PM

4. I missed all of you so very much!

Welcome back DU!



Response to Skinner (Original post)

Tue Nov 15, 2016, 07:15 PM

5. Was the hack reported to the FBI?



Response to Skinner (Original post)

Tue Nov 15, 2016, 08:21 PM

6. lemme tighten my tinfoil hat before i say this, but

it is apparent to me that the cheeto campaign actually had a good idea of how it was going to go down. you didn't need polling to tell you this would be close.
so what do thugs do when the going gets tough? why, they cheat.

i can't help thinking that du's history of digging into stinky election results was the reason for the hack. i think that recent history has told us that when numbers are cock-eyed, there is a cheat in there somewhere. hillary winning the popular vote but losing the election could be legit, but that is quite a needle to thread.
i noticed on msnbc today that they were talking about how the voting went, where the surges were, where they got those extra votes. they mentioned that "there was a big surge late in the day". now, that happens ferrealz. but it also happens when the cheaters figure out how many votes they need to stuff. they always do that late in the day.

i'm not sayin, i'm just sayin.
this really deserves serious scrutiny.

but holy hell am i glad you guys are back. thanks so much for sticking it out. i certainly would have been conflicted about going to all that work for such a crazy bunch.
du forever.



Response to Skinner (Original post)

Tue Nov 15, 2016, 09:53 PM

8. Dr. Ernest Partridge wrote an essay based on our hack.

I was going to email it to you, then I realized how busy you must be at the time.

Adieu, Progressive Internet?

P.S. I had to delete the "http://" again in the code before linking.



Response to Skinner (Original post)

Wed Nov 16, 2016, 02:19 AM

9. Thanks Skinner, you all did good....

I vote for a raise for Elad. Plus EarlG got me back on tonight, problem with my email.

Thanks to you all.



Response to sheshe2 (Reply #9)

Wed Nov 16, 2016, 10:04 AM

11. Same here

EarlG got me back on, problem with my email. Thanks to all of you for your hard work. Felt like I was without a lifeline.

Kudos, gents ...



Response to sheshe2 (Reply #9)

Thu Nov 17, 2016, 06:02 PM

19. me too. I thanked him profusely. Great team, great pulling through...

it's been a rough week for us liberals...somewhere in my head I hear the strains of Willie Nelson singing "...but life goes on..."



Response to sheshe2 (Reply #9)

Thu Nov 17, 2016, 10:03 PM

21. yes a raise for Elad, for sure!!!! nt



Response to Skinner (Original post)

Wed Nov 16, 2016, 07:30 AM

10. Thank you, Skinner, EarlG, and especially Elad! Yeoman's work!

Last edited Fri Nov 18, 2016, 10:00 PM - Edit history (1)

We definitely APPRECIATE all you've done!

God, I missed this place the past week. It's my only support at times like this. I will happily contribute to a reward fund for info leading to the arrest, conviction and hanging of the pond-scum that hacked us! I know you guys had a lot of headaches and long hours fixing this shit-stain's attack. I would personally like to beat the holy fuck out of him. I really think you guys should pull in the FBI on this--though I doubt that effin' SOB Comey would be very helpful.



Response to lastlib (Reply #10)

Fri Nov 18, 2016, 02:46 PM

22. 1



Response to Skinner (Original post)

Wed Nov 16, 2016, 11:28 AM

12. criminal what was done to this site. I'd be happy to chip in for experts to capture them

The security company who worked on DNC file theft isn't very expensive & they directly work with FBI internet crime division. There is of course no charge to file the crime with FBI and Justice Dept.



Response to Skinner (Original post)

Wed Nov 16, 2016, 03:48 PM

13. Thank you for the explanation and all the hard work to get DU back online



Response to Skinner (Original post)

Wed Nov 16, 2016, 07:03 PM

14. I did some checking around Twitter when election day happened.

Apparently there's a group called "Legions Of Pepe" that was taking credit for the attack. It was being bragged about on the Ron Paul Forums. It looks like the page was taken down but that's pretty alarming that I found that.

And fuck Ron Paul!



Response to Initech (Reply #14)

Wed Nov 16, 2016, 08:57 PM

15. I think it was a generic reference

Pepe the frog is a symbol of the alt-right, particularly those who hang out on 4Chan and Reddit. They have generically also been calling themselves (and been referred to) as the Pepe Legion.



Response to Initech (Reply #14)

Wed Nov 16, 2016, 09:04 PM

16. They also hijacked Mac Tonight from the 80s.

Mac Tonight has also been turned into a symbol of anti-Semitism along with Pepe. So sad that since Trump stole the Presidency hate graffiti is spreading around my neighborhood in Los Angeles.



Response to Joe Bacon (Reply #16)

Wed Nov 16, 2016, 09:21 PM

17. Donald Trump is bringing out the worst in people.

Social media has been unbearable since it happened. Gonna be a long four years.



Response to Skinner (Original post)

Thu Nov 17, 2016, 04:35 AM

18. Thanks and a question

Thanks for getting us back up and thanks for returning DU to a sensible identity.

Question: Why wasn't the hack covered more in the news? Were you intentionally trying to keep a low profile? I would have thought I would have seen it discussed somewhere but missed it.

Thanks again.



Response to grantcart (Reply #18)

Thu Nov 17, 2016, 09:58 PM

20. I told this site we were down, it's a well-known IT site



Response to Skinner (Original post)

Tue Nov 22, 2016, 05:59 PM

23. What happened to Discussionist?

It went down at the same time.

As far as I'm concerned, you should leave it down. While it showed some promise at first, it had turned into a cesspool of sock puppets, alt-right trolls and assholes. The few decent people who were there I assume can still post here, like myself.



Response to Mr.Bill (Reply #23)

Tue Nov 22, 2016, 07:59 PM

24. You claiming you're a decent person???



Response to groundloop (Reply #24)

Tue Nov 22, 2016, 08:34 PM

25. Of course.

At least my dog thinks so.



Response to Skinner (Original post)

Tue Nov 22, 2016, 09:17 PM

26. I remember logging in and was immediately asked to serve on a jury.

I saw the GOD Emperor message and voted to hide it. Then the DU site started to crumble shortly after that with the content of trump in the passenger seat of a limousine pointing a gun.

It was a bad sign for a horrible night.



Response to dubyadiprecession (Reply #26)

Wed Nov 23, 2016, 12:23 AM

28. Glad to be back. These past couple of weeks have been doo doo without DU.



Response to Skinner (Original post)

Wed Nov 23, 2016, 08:55 AM

29. Russians? Hacker did not want us comparing notes on election day!

 



Response to Skinner (Original post)

Thu Nov 24, 2016, 10:30 AM

30. for those of us who clicked on DU when it was hacked

Have our computers been compromised? (in terms of viruses and malware)

Plus isn't it dangerous if all the members' IP addresses have been obtained?

(This is my first day back since the election and I'm concerned. Thank you for any input.)



Response to Skinner (Original post)


Response to Name removed (Reply #31)

Thu Dec 1, 2016, 08:09 PM

32. It'll come back eventually.

But we need to deal with DU first.
