Feeds

Hacked flight sim site in catastrophic crash and burn

Avsim, RIP

SANS - Survey on application security programs

A popular website for users of flight simulation gear has been felled, most likely fatally, after malicious hackers attacked both of the servers housing more than 12 years worth of content supplied by its 60,000 members.

Tom Allensworth, the founder of Avsim.com, said in a statement that that an attack on Tuesday left the site "effectively destroyed." He added: "The method of the hack makes recovery difficult, if not impossible, to recover from. We are not able to predict when we will be back online, if we can come back at all."

The news sent an outpouring of sympathy and rage on temporary forum boards set up in the aftermath. "I just read a post in the SimV forums about the veritable catastrophe that has struck Avsim, and along with it, the flightsimming community as a whole, and was shocked, furious and saddened all at the same time," one participant wrote.

But the debacle has also led to criticism that Avsim operators didn't take steps to better protect the site's rich store of content. According to Allensworth, data from the library and email server was backed up on a separate server for the website and forums and vice versa. Alas, it would appear there was never a master copy stored offsite and offline, so when both servers were attacked, more than a decade of links, software modifications, and exchanges were permanently destroyed.

"Who would have predicted the simultaneous successful attacks on our system?" Allensworth wrote in one message. "Over 12 years of very secure operation and no successful attacks kind of indicated to me that our approach was at least working. On Tuesday, the 12th of May at about 10:00 p.m. EDT, we found out otherwise."

The trouble started earlier that evening, when parts of the site stopped working, according to this account. First, FTP and SSH access to the site stopped working, and later, the web and forum server was knocked offline. Soon, the email and library server also showed signs of problems. It wasn't until the servers were rebooted that the admins discovered that "the partitions on both servers had been removed."

It remains unclear who is responsible or exactly how the attacks were carried out. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.