Security experts' sites hacked on eve of Black Hat conference

Attackers post e-mails, passwords, and other sensitive data stolen from security experts and others on hacked site of Dan Kaminsky.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
2 min read

LAS VEGAS--Web sites of a handful of security experts and groups were hacked and passwords, e-mails, IM chats and other information was posted on the Internet on Tuesday, the eve of the Black Hat security conference.

Targeted were Dan Kaminsky, known for his discovery of a high-profile flaw in the domain name system last year; Kevin Mitnick, one of the first hackers to be prosecuted for computer crimes; and the PerlMunks programmer community, among others.

A long treatise was posted to Kaminsky's Web site with the data and criticisms accusing the victims of hyping security threats to advance their careers and lacking security expertise. It's unclear how the sites were breached, but several of the blogs attacked were running on WordPress and there were allusions to vulnerabilities in the software.

"It's just drama," Kaminsky said when asked to comment.

"If there was anything technically interesting to discuss, cool. But I hope that my dating life was interesting," said Kaminsky, who was preparing for an afternoon presentation on problems with X.509, an encryption standard for public key infrastructure. "The impacts of a single event are whatever. There's actual research going on."

Mitnick said someone using a European IP address hacked into his Web hosting provider about 10 days ago and redirected traffic to a site displaying a photo-shopped pornographic image of him. A week later his Web site was breached and the files deleted, most likely by the same people and probably via back doors left behind in the first breach, he said.

"They looked through my Web server but I never keep e-mail or personal files there, only publicly available information," Mitnick said. His hosting provider, a friend, has asked him to leave because of the repeated attacks and erasure of his and other customers' data, he said. As a result, he's switching to FireHost, a host that specializes in security.

Kaminsky, had the "illusion of invulnerability," keeping all his e-mail, research, and personal files on a server connected to the Internet, Mitnick said.

Mitnick, whose site has been successfully hacked four times, said he doesn't host his own Web site so that he can keep his public site separate from his corporate network.

"It was a jackpot," he said of the attack on Kaminsky. "I really respect the guy and I think he's super intelligent in security and yet he was victimized. On a public-facing box you don't keep anything confidential on there."