A whistle-blower site was hacked this past weekend, possibly exposing the identities of confidential sources, according to a hacker who took responsibility for the intrusion.
The hacker, who contacted Wired.com, said two members from Kryogeniks hacked the site that publishes documents prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance. The two hackers were able to get to secret files and correspondence, including records of self-proclaimed WikiLeaks sources who claimed to have information detailing internal WikiLeaks issues, Wired.com reported.
The hacker, who identified himself as “Ruxpin” or “Xyrix,” said the other two hackers broke into Cryptome using a stolen email password for an account belonging to Cryptome founder John Young. They then used the email account to reset the password for his site’s hosting account. The hacker claims 6.8 terabytes of data from Cryptome was copied, but Young disputed the amount, saying, “We had a little over 7 gigabytes, but not terabytes.”
According to the hacker, Cryptome’s WikiLeaks files contain communication between Young and supposed WikiLeaks insiders who, unhappy with WikiLeaks founder Julian Assange and how he runs the organization, have sent Cryptome unverified tips about supposed wrongdoing and other activities inside WikiLeaks.
The hackers said they decided to hack Cryptome mainly to harass a fellow hacker named Josh Holly, aka “TrainReq,” by posting a message identifying Holly as Cryptome’s hacker. Holly is best known for allegedly hacking into Miley Cyrus’ email account and stealing her personal photos, Wired.com reported.
“Cryptome is a popular website,” the hacker wrote Wired.com. “Many people would have seen the joke (defacement), and the person (Trainreq) would have been subsequently bombarded with inquires about that to which he was clueless.”