Feeds

Porno paymaster CCBill hacked hard

Entire database may have been compromised

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Porn site billing processor CCBill has somehow managed to leak the server passwords of well over a thousand of its clients, whose systems have since been infected by IRC bots listening on port 9872 for whatever commands their owner wishes to issue.

The immediate, superficial concern is that someone is planning a significant DDoS attack with the compromised machines. In this matter CCBill has been forthcoming, issuing a warning to its clients that they need to change their passwords and look for the bot and remove it.

The far more serious question is how some IRC denizen came to possess the admin logins and passwords for servers belonging to so many CCBill clients, and here CCBill has been quite reluctant to talk.

Obviously, this sort of access to Web sites would put the private details and credit card data of millions of porn lovers into the hands of a potentially malicious third party.

I wanted to discuss this particular aspect of the story with CCBill, but was kept on hold for about five minutes and eventually told that I'd have to talk to general manager Tom Fisher, who, conveniently, was in a meeting.

I said Fisher could ring me when his meeting was finished. But then, incredibly, I was told, "No, you have to fax us your questions, and we'll reply with a faxed statement. That's what we're doing with the press."

I was in no mood for this cowardly runaround. "I don't have a fax machine," I replied.

"Well you have access to one, don't you?" the flack replied coyly.

"I don't have time for this bulls**t," I said. Just tell him to ring me when his meeting's over."

"Look," the flack told me abruptly, "I'm telling you what you have to do."

And at that point I quite simply lost it and screamed, "and I'm telling you that if you pull this bulls**t with me, I'll print it!"

And then I hung up.

I never heard back; and unfortunately for CCBill, I believe in keeping my word.

The hack was first reported on the SecurityFocus Incidents mailing list by Dayne Jordan, co-owner of Ohio ISP CompleteWeb, on Wednesday. Jordan found six compromised machines on his own server farm alone.

He did a bit more investigating and found a vast number of the bots running in an IRC channel.

"The common tie between all these compromised accounts is that they are all CCBill customers," Jordan says.

"It appears whoever has obtained the CCBILL list of usernames /passwords systematically SSH's into the customers' servers, installs the IRC Eggdrop bot, and leaves."

It's this business of gliding effortlessly into the sites that has us concerned. There is no question that a major compromise of data has occurred -- so you porno fans out there had better keep a close eye on your credit card statements for the next few months. ®

Story Update

CCBill knew of credit database breach in March

Remote control for virtualized desktops

More from The Register

next story
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
NSA mass spying reform KILLED by US Senators
Democrats needed just TWO more votes to keep alive bill reining in some surveillance
'Internet Freedom Panel' to keep web overlord ICANN out of Russian hands – new proposal
Come back with our internet! cries Republican drawing up bill
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.