Feeds

Porno paymaster CCBill hacked hard

Entire database may have been compromised

  • alert
  • submit to reddit

Seven Steps to Software Security

Porn site billing processor CCBill has somehow managed to leak the server passwords of well over a thousand of its clients, whose systems have since been infected by IRC bots listening on port 9872 for whatever commands their owner wishes to issue.

The immediate, superficial concern is that someone is planning a significant DDoS attack with the compromised machines. In this matter CCBill has been forthcoming, issuing a warning to its clients that they need to change their passwords and look for the bot and remove it.

The far more serious question is how some IRC denizen came to possess the admin logins and passwords for servers belonging to so many CCBill clients, and here CCBill has been quite reluctant to talk.

Obviously, this sort of access to Web sites would put the private details and credit card data of millions of porn lovers into the hands of a potentially malicious third party.

I wanted to discuss this particular aspect of the story with CCBill, but was kept on hold for about five minutes and eventually told that I'd have to talk to general manager Tom Fisher, who, conveniently, was in a meeting.

I said Fisher could ring me when his meeting was finished. But then, incredibly, I was told, "No, you have to fax us your questions, and we'll reply with a faxed statement. That's what we're doing with the press."

I was in no mood for this cowardly runaround. "I don't have a fax machine," I replied.

"Well you have access to one, don't you?" the flack replied coyly.

"I don't have time for this bulls**t," I said. Just tell him to ring me when his meeting's over."

"Look," the flack told me abruptly, "I'm telling you what you have to do."

And at that point I quite simply lost it and screamed, "and I'm telling you that if you pull this bulls**t with me, I'll print it!"

And then I hung up.

I never heard back; and unfortunately for CCBill, I believe in keeping my word.

The hack was first reported on the SecurityFocus Incidents mailing list by Dayne Jordan, co-owner of Ohio ISP CompleteWeb, on Wednesday. Jordan found six compromised machines on his own server farm alone.

He did a bit more investigating and found a vast number of the bots running in an IRC channel.

"The common tie between all these compromised accounts is that they are all CCBill customers," Jordan says.

"It appears whoever has obtained the CCBILL list of usernames /passwords systematically SSH's into the customers' servers, installs the IRC Eggdrop bot, and leaves."

It's this business of gliding effortlessly into the sites that has us concerned. There is no question that a major compromise of data has occurred -- so you porno fans out there had better keep a close eye on your credit card statements for the next few months. ®

Story Update

CCBill knew of credit database breach in March

Boost IT visibility and business value

More from The Register

next story
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
Want to beat Verizon's slow Netflix? Get a VPN
Exec finds stream speed climbs when smuggled out
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.