Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Skinner

(63,645 posts)
Tue Nov 15, 2016, 01:12 PM Nov 2016

About the hack

This discussion thread was locked by Skinner (a host of the Announcements group).

This is an updated version of a message that appeared on our homepage while the site was offline this weekend, which provides a good overview of the hack and our efforts to get the site back online.

The site was first attacked around 4:30PM ET on Tuesday afternoon. This was not a "typical" hack like a DDoS or an attempt to gain control of our web server. Instead, the hacker had found a vulnerability in our forum software.

The hacker exploited that vulnerability in what appeared to be a politically-motivated act of vandalism: A large number of posts were removed and replaced with the words "God Emperor" (a reference to Donald Trump), and a ridiculously over-the-top pro-Trump video was served automatically to all of our visitors. If you're curious you can watch the video on YouTube (WARNING: HATE CONTENT).

The DU Administrators were online at the time when the attack occurred, so we immediately shut down the site in order to block out the hacker and limit their ability to disrupt.

As you know Tuesday was election day, our most important day of the year, so our biggest concern at the time was getting the site back online quickly so our members would have access that evening. We collected some preliminary evidence indicating how the hacker had managed to disrupt the site, and based on that evidence we made what we believed were the necessary changes in order to remove the vandalism, secure the site, and bring it back online. (During that time we put up an admin-only login box to block out the hacker. If you entered your username and password into that box, you did not expose your information to the hacker.)

After a few hours we brought the site back up, but it quickly became apparent that we had not sufficiently scrubbed the site and some malicious code placed by the hacker got executed again. So we took the site offline a second time. Since we had already failed once to secure the site, we agreed it would be irresponsible to bring the site back online again until we were confident that we knew exactly what the hacker had done, and we believed the site was secure. At that point we knew we were not going to be back online for election night, and we suspected it might take days.

It took most of the day Wednesday to figure out exactly how the hacker had managed to disrupt the site, and what user information may have been vulnerable.

It is likely that the hacker had access to certain member information on an account-by-account basis: Usernames, email addresses, and IP addresses. There is no evidence that the hacker had access to our database or the full table of user information.

We believe that the hacker was not able to see your passwords -- not even in encrypted format. But even if the hacker was not able to see your passwords, they may have been able to over-write passwords for some accounts. Put another way: The hacker doesn't know what your password was, but the hacker might have changed it to something that they did know. That is why we are requiring all members to change their passwords now that the site is back online.

We can say for certain that donor data, such as credit card numbers or addresses, were not compromised because that information is handled by PayPal and never passes through to our servers.

As most of you know, we have three employees at Democratic Underground, and only one of us (Elad) is a real programmer who could do the complicated back-end coding to deal with the hack. If our goal was to simply plug the specific vulnerability exposed in the hack, the site would likely have been back online in a couple days. But because we know that there is a sufficiently motivated and skilled individual somewhere out there who has already vandalized our website, we did a much more comprehensive security review to identify similar vulnerabilities to the one exposed in the hack.

We would be remiss if we did not recognize the invaluable assistance which DU member Lithos has provided during this security review. We are very grateful for his help. Thank you, Lithos.

We have updated the site on two levels: Elad has been fixing some of the code in our forum software (with help from Lithos), and we have been working with our web host to implement a higher level of security on their end. Now that the site is back up, we are temporarily limiting access to the site to Star Members only. We are taking this precaution because we want to make sure that we are receiving only legitimate traffic during the next couple days while our new security software “learns” what is legitimate traffic to the site. This limited opening period should only last two or three days.

We know that this has been a long and frustrating process, and the timing could not have possibly been worse. Thank you again for your patience and understanding. And thank you for the tremendous outpouring of encouragement we have received from so many of you.

--The DU Administrators
32 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
About the hack (Original Post) Skinner Nov 2016 OP
Silly question, perhaps: What is the likelihood of nabbing these basement dwellers? Eleanors38 Nov 2016 #1
Unlikely. Skinner Nov 2016 #3
It would be cool to post all the responses you had to yuiyoshida Nov 2016 #7
Its very easy to hide your IP address Travis_0004 Nov 2016 #27
Yes, I hope you found someone to prosecute. nt babylonsister Nov 2016 #2
I missed all of you so very much! In_The_Wind Nov 2016 #4
Was the hack reported to the FBI? jg10003 Nov 2016 #5
lemme tighten my tinfoil hat before i say this, but mopinko Nov 2016 #6
Dr. Ernest Partridge wrote an essay based on our hack. herding cats Nov 2016 #8
Thanks Skinner, you all did good.... sheshe2 Nov 2016 #9
Same here lillypaddle Nov 2016 #11
me too. I thanked him profusely. Great team, great pulling through... CTyankee Nov 2016 #19
yes a raise for Elad, for sure!!!! nt steve2470 Nov 2016 #21
Thank you, Skinner, EarlG, and especially Elad! Yeoman's work! lastlib Nov 2016 #10
1 red dog 1 Nov 2016 #22
criminal what was done to this site. I'd be happy to chipin for experts to capture them Sunlei Nov 2016 #12
Thank you for the explanation and all the hard work to get DU back online friendly_iconoclast Nov 2016 #13
I did some checking around Twitter when election day happened. Initech Nov 2016 #14
I think it was a generic reference Lithos Nov 2016 #15
They also hijacked Mac Tonight from the 80s. Joe Bacon Nov 2016 #16
Donald Trump is bringing out the worst in people. Initech Nov 2016 #17
Thanks and a question grantcart Nov 2016 #18
I told this site we were down, it's a well-known IT site steve2470 Nov 2016 #20
What happened to Discussionist? Mr.Bill Nov 2016 #23
You claiming you're a decent person??? groundloop Nov 2016 #24
Of course. Mr.Bill Nov 2016 #25
I remember logging in and was immediately asked to serve on a jury. dubyadiprecession Nov 2016 #26
Glad to be back. These past couple of weeks have been doo doo without DU. SCRUBDASHRUB Nov 2016 #28
Russians? Hacker did not want us comparing notes on election day! Madam45for2923 Nov 2016 #29
for those of us who clicked on DU when it was hacked napkinz Nov 2016 #30
Message auto-removed Name removed Dec 2016 #31
It'll come back eventually. Skinner Dec 2016 #32
 

Eleanors38

(18,318 posts)
1. Silly question, perhaps: What is the likelihood of nabbing these basement dwellers?
Tue Nov 15, 2016, 05:10 PM
Nov 2016

Skinner

(63,645 posts)
3. Unlikely.
Tue Nov 15, 2016, 05:23 PM
Nov 2016

But we'll see what we can do.

yuiyoshida

(42,717 posts)
7. It would be cool to post all the responses you had to
Tue Nov 15, 2016, 08:08 PM
Nov 2016

the question you posted, while DU was down. I think what many people had to say was really important and very impressive.

 

Travis_0004

(5,417 posts)
27. Its very easy to hide your IP address
Tue Nov 22, 2016, 08:48 PM
Nov 2016

You can use something like TOR, and or a VPN. DU admins can trace an IP address and might just find out that it was out of Hong Kong (just as an example). This doesn't mean that the user is in Hong Kong, he could be anywhere. You have to go to the last server he used (likely a VPN server)

You could ask the VPN to hand over the IP address, but this has problems

The VPN operator won't give it to you.
The VPN operator CANT give it to you (its encrypted, and they can't open it)
The log never existed at all, or at least doesn't exist in a usable form (yeah, here is the list of the 6,000 active users on our service when you were hacked)

Even if the IP log was sitting on the CEO's desk, his business is to keep things like that private. He isn't giving it up. And the Hong Kong courts don't care (they wouldn't give up Edwin Snowden, they are not going to comply with a court order from the US. And remember, what you are tying to get very very likely doesn't exist.

babylonsister

(171,605 posts)
2. Yes, I hope you found someone to prosecute. nt
Tue Nov 15, 2016, 05:22 PM
Nov 2016

In_The_Wind

(72,300 posts)
4. I missed all of you so very much!
Tue Nov 15, 2016, 05:45 PM
Nov 2016

[img][/img] Welcome back DU!

jg10003

(1,027 posts)
5. Was the hack reported to the FBI?
Tue Nov 15, 2016, 06:15 PM
Nov 2016

mopinko

(71,801 posts)
6. lemme tighten my tinfoil hat before i say this, but
Tue Nov 15, 2016, 07:21 PM
Nov 2016

it is apparent to me that the cheeto campaign actually had a good idea of how it was going to go down. you didnt need polling to tell you this would be close.
so what do thugs do when the going gets tough? why, they cheat.

i cant help thinking that du's history of digging into stinky election results was the reason for the hack. i think that recent history has told us that when numbers are cock-eyed, there is a cheat in there somewhere. hillary winning the popular vote but loosing the election could be legit, but that is quite a needle to thread.
i noticed on msnbc today that they were talking about how the voting went, where the surges were, where they got those extra votes. they mentioned that "there was a big surge late in the day". now, that happens ferrealz. but it also happens when the cheater figure out how many votes they need to stuff. they always do that late in the day.

i'm not sayin, i'm just sayin.
this really deserves serious scrutiny.

but holy hell am i glad you guys are back. thanks so much for sticking it out. i certainly would have been conflicted about going to all that work for such a crazy bunch.
du forever.

herding cats

(19,612 posts)
8. Dr. Ernest Partridge wrote an essay based on our hack.
Tue Nov 15, 2016, 08:53 PM
Nov 2016

I was going to email it to you, then I realized how busy you must be at the time.

Adieu, Progressive Internet?

P.S. I had to delete the "http://" again in the code before linking.

sheshe2

(87,471 posts)
9. Thanks Skinner, you all did good....
Wed Nov 16, 2016, 01:19 AM
Nov 2016

I vote for a raise for Elad. Plus EarlG got me back on tonight, problem with my email.

Thanks to you all.

lillypaddle

(9,605 posts)
11. Same here
Wed Nov 16, 2016, 09:04 AM
Nov 2016

EarlG got me back on, problem with my email. Thanks to all of you for your hard work. Felt like I was without a lifeline.

Kudos, gents ...

CTyankee

(65,020 posts)
19. me too. I thanked him profusely. Great team, great pulling through...
Thu Nov 17, 2016, 05:02 PM
Nov 2016

it's been a rough week for us liberals...somewhere in my head I hear the strains of Willie Nelson singing "...but life goes on..."

steve2470

(37,468 posts)
21. yes a raise for Elad, for sure!!!! nt
Thu Nov 17, 2016, 09:03 PM
Nov 2016

lastlib

(24,902 posts)
10. Thank you, Skinner, EarlG, and especially Elad! Yeoman's work!
Wed Nov 16, 2016, 06:30 AM
Nov 2016

Last edited Fri Nov 18, 2016, 09:00 PM - Edit history (1)

We definitely APPRECIATE all you've done!

God, I missed this place the past week. It's my only support at times like this. I will happily contribute to a reward fund for info leading to the arrest, conviction and hanging of the pond-scum that hacked us! I know you guys had a lot of headaches and long hours fixing this shit-stain's attack. I would personally like to beat the holy fuck out of him. I really think you guys should pull in the FBI on this--though I doubt that effin' SOB Comey would be very helpful.

red dog 1

(29,301 posts)
22. 1
Fri Nov 18, 2016, 01:46 PM
Nov 2016

Sunlei

(22,651 posts)
12. criminal what was done to this site. I'd be happy to chipin for experts to capture them
Wed Nov 16, 2016, 10:28 AM
Nov 2016

The security company who worked on DNC file theft isn't very expensive & they directly work with FBI internet crime division. There is of course no charge to file the crime with FBI and Justice Dept.

 

friendly_iconoclast

(15,333 posts)
13. Thank you for the explanation and all the hard work to get DU back online
Wed Nov 16, 2016, 02:48 PM
Nov 2016

Initech

(101,913 posts)
14. I did some checking around Twitter when election day happened.
Wed Nov 16, 2016, 06:03 PM
Nov 2016

Apparently there's a group called "Legions Of Pepe" was taking credit for the attack. It was being bragged about on the Ron Paul Forums. It looks like the page was taken down but that's pretty alarming that I found that.

And fuck Ron Paul!

Lithos

(26,452 posts)
15. I think it was a generic reference
Wed Nov 16, 2016, 07:57 PM
Nov 2016

Pepe the front is a symbol of the alt-right, particularly those who hang out on 4Chan and Reddit. They have generically also been calling themselves (and been referred to) as the Pepe Legion.

Joe Bacon

(5,167 posts)
16. They also hijacked Mac Tonight from the 80s.
Wed Nov 16, 2016, 08:04 PM
Nov 2016

Mac Tonight has also been turned into a symbol of anti-Semitism along with Pepe. So sad that since Trump stole the Presidency hate graffiti is spreading around my neighborhood in Los Angeles.

Initech

(101,913 posts)
17. Donald Trump is bringing out the worst in people.
Wed Nov 16, 2016, 08:21 PM
Nov 2016

Social media has been unbearable since it happened. Gonna be a long four years.

grantcart

(53,061 posts)
18. Thanks and a question
Thu Nov 17, 2016, 03:35 AM
Nov 2016

Thanks for getting us back up and thanks for returning DU to a sensible identity.

Question: Why wasn't the hack covered more in the news. Were you intentionally trying to keep a low profile? I would have though I would have seen it discussed somewhere but missed it.

Thanks again.

steve2470

(37,468 posts)
20. I told this site we were down, it's a well-known IT site
Thu Nov 17, 2016, 08:58 PM
Nov 2016

Mr.Bill

(24,790 posts)
23. What happened to Discussionist?
Tue Nov 22, 2016, 04:59 PM
Nov 2016

It went down at the same time.

As far as I'm concerned, you should leave it down. While it showed some promise at first, it had turned into a cesspool of sock puppets, alt-right trolls and assholes. The few decent people who were there I assume can still post here, like myself.

groundloop

(12,262 posts)
24. You claiming you're a decent person???
Tue Nov 22, 2016, 06:59 PM
Nov 2016

Mr.Bill

(24,790 posts)
25. Of course.
Tue Nov 22, 2016, 07:34 PM
Nov 2016

At least my dog thinks so.

dubyadiprecession

(6,342 posts)
26. I remember logging in and was immediately asked to serve on a jury.
Tue Nov 22, 2016, 08:17 PM
Nov 2016

I saw the GOD Emperor message and voted to hide it. Then the DU site started to crumble shortly after that with the content of trump in the passenger seat of a limousine pointing a gun.

It was a bad sign for a horrible night.

SCRUBDASHRUB

(7,258 posts)
28. Glad to be back. These past couple of weeks have been doo doo without DU.
Tue Nov 22, 2016, 11:23 PM
Nov 2016
 

Madam45for2923

(7,178 posts)
29. Russians? Hacker did not want us comparing notes on election day!
Wed Nov 23, 2016, 07:55 AM
Nov 2016

napkinz

(17,199 posts)
30. for those of us who clicked on DU when it was hacked
Thu Nov 24, 2016, 09:30 AM
Nov 2016

Have our computers been compromised? (in terms of viruses and malware)

Plus isn't it dangerous if all the members' IP addresses have been obtained?

(This is my first day back since the election and I'm concerned. Thank you for any input.)

Response to Skinner (Original post)

Skinner

(63,645 posts)
32. It'll come back eventually.
Thu Dec 1, 2016, 07:09 PM
Dec 2016

But we need to deal with DU first.

Latest Discussions»Help & Search»Announcements»About the hack