Feeds

Porno paymaster CCBill hacked hard

Entire database may have been compromised

  • alert
  • submit to reddit

High performance access to file storage

Porn site billing processor CCBill has somehow managed to leak the server passwords of well over a thousand of its clients, whose systems have since been infected by IRC bots listening on port 9872 for whatever commands their owner wishes to issue.

The immediate, superficial concern is that someone is planning a significant DDoS attack with the compromised machines. In this matter CCBill has been forthcoming, issuing a warning to its clients that they need to change their passwords and look for the bot and remove it.

The far more serious question is how some IRC denizen came to possess the admin logins and passwords for servers belonging to so many CCBill clients, and here CCBill has been quite reluctant to talk.

Obviously, this sort of access to Web sites would put the private details and credit card data of millions of porn lovers into the hands of a potentially malicious third party.

I wanted to discuss this particular aspect of the story with CCBill, but was kept on hold for about five minutes and eventually told that I'd have to talk to general manager Tom Fisher, who, conveniently, was in a meeting.

I said Fisher could ring me when his meeting was finished. But then, incredibly, I was told, "No, you have to fax us your questions, and we'll reply with a faxed statement. That's what we're doing with the press."

I was in no mood for this cowardly runaround. "I don't have a fax machine," I replied.

"Well you have access to one, don't you?" the flack replied coyly.

"I don't have time for this bulls**t," I said. Just tell him to ring me when his meeting's over."

"Look," the flack told me abruptly, "I'm telling you what you have to do."

And at that point I quite simply lost it and screamed, "and I'm telling you that if you pull this bulls**t with me, I'll print it!"

And then I hung up.

I never heard back; and unfortunately for CCBill, I believe in keeping my word.

The hack was first reported on the SecurityFocus Incidents mailing list by Dayne Jordan, co-owner of Ohio ISP CompleteWeb, on Wednesday. Jordan found six compromised machines on his own server farm alone.

He did a bit more investigating and found a vast number of the bots running in an IRC channel.

"The common tie between all these compromised accounts is that they are all CCBill customers," Jordan says.

"It appears whoever has obtained the CCBILL list of usernames /passwords systematically SSH's into the customers' servers, installs the IRC Eggdrop bot, and leaves."

It's this business of gliding effortlessly into the sites that has us concerned. There is no question that a major compromise of data has occurred -- so you porno fans out there had better keep a close eye on your credit card statements for the next few months. ®

Story Update

CCBill knew of credit database breach in March

Top three mobile application threats

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.