Feeds

Porno paymaster CCBill hacked hard

Entire database may have been compromised

  • alert
  • submit to reddit

The essential guide to IT transformation

Porn site billing processor CCBill has somehow managed to leak the server passwords of well over a thousand of its clients, whose systems have since been infected by IRC bots listening on port 9872 for whatever commands their owner wishes to issue.

The immediate, superficial concern is that someone is planning a significant DDoS attack with the compromised machines. In this matter CCBill has been forthcoming, issuing a warning to its clients that they need to change their passwords and look for the bot and remove it.

The far more serious question is how some IRC denizen came to possess the admin logins and passwords for servers belonging to so many CCBill clients, and here CCBill has been quite reluctant to talk.

Obviously, this sort of access to Web sites would put the private details and credit card data of millions of porn lovers into the hands of a potentially malicious third party.

I wanted to discuss this particular aspect of the story with CCBill, but was kept on hold for about five minutes and eventually told that I'd have to talk to general manager Tom Fisher, who, conveniently, was in a meeting.

I said Fisher could ring me when his meeting was finished. But then, incredibly, I was told, "No, you have to fax us your questions, and we'll reply with a faxed statement. That's what we're doing with the press."

I was in no mood for this cowardly runaround. "I don't have a fax machine," I replied.

"Well you have access to one, don't you?" the flack replied coyly.

"I don't have time for this bulls**t," I said. Just tell him to ring me when his meeting's over."

"Look," the flack told me abruptly, "I'm telling you what you have to do."

And at that point I quite simply lost it and screamed, "and I'm telling you that if you pull this bulls**t with me, I'll print it!"

And then I hung up.

I never heard back; and unfortunately for CCBill, I believe in keeping my word.

The hack was first reported on the SecurityFocus Incidents mailing list by Dayne Jordan, co-owner of Ohio ISP CompleteWeb, on Wednesday. Jordan found six compromised machines on his own server farm alone.

He did a bit more investigating and found a vast number of the bots running in an IRC channel.

"The common tie between all these compromised accounts is that they are all CCBill customers," Jordan says.

"It appears whoever has obtained the CCBILL list of usernames /passwords systematically SSH's into the customers' servers, installs the IRC Eggdrop bot, and leaves."

It's this business of gliding effortlessly into the sites that has us concerned. There is no question that a major compromise of data has occurred -- so you porno fans out there had better keep a close eye on your credit card statements for the next few months. ®

Story Update

CCBill knew of credit database breach in March

Build a business case: developing custom apps

More from The Register

next story
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Premier League wants to PURGE ALL FOOTIE GIFs from social media
Not paying Murdoch? You're gonna get a right LEGALLING - thanks to automated software
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
XBOX One will learn to play media from USB and DLNA sources
Hang on? Aren't those file formats you hardly ever see outside torrents?
Class war! Wikipedia's workers revolt again
Bourgeois paper-shufflers have 'suspended democracy', sniff unpaid proles
'Aaaah FFS, 'amazeballs' has made it into the OXFORD DICTIONARY'
Plus: 'EE, how shocking, ANOTHER problem I face with your service'
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.