Announcements
Related: About this forumAbout the hack
This discussion thread was locked by Skinner (a host of the Announcements group).
The site was first attacked around 4:30PM ET on Tuesday afternoon. This was not a "typical" hack like a DDoS or an attempt to gain control of our web server. Instead, the hacker had found a vulnerability in our forum software.
The hacker exploited that vulnerability in what appeared to be a politically-motivated act of vandalism: A large number of posts were removed and replaced with the words "God Emperor" (a reference to Donald Trump), and a ridiculously over-the-top pro-Trump video was served automatically to all of our visitors. If you're curious you can watch the video on YouTube (WARNING: HATE CONTENT).
The DU Administrators were online at the time when the attack occurred, so we immediately shut down the site in order to block out the hacker and limit their ability to disrupt.
As you know Tuesday was election day, our most important day of the year, so our biggest concern at the time was getting the site back online quickly so our members would have access that evening. We collected some preliminary evidence indicating how the hacker had managed to disrupt the site, and based on that evidence we made what we believed were the necessary changes in order to remove the vandalism, secure the site, and bring it back online. (During that time we put up an admin-only login box to block out the hacker. If you entered your username and password into that box, you did not expose your information to the hacker.)
After a few hours we brought the site back up, but it quickly became apparent that we had not sufficiently scrubbed the site and some malicious code placed by the hacker got executed again. So we took the site offline a second time. Since we had already failed once to secure the site, we agreed it would be irresponsible to bring the site back online again until we were confident that we knew exactly what the hacker had done, and we believed the site was secure. At that point we knew we were not going to be back online for election night, and we suspected it might take days.
It took most of the day Wednesday to figure out exactly how the hacker had managed to disrupt the site, and what user information may have been vulnerable.
It is likely that the hacker had access to certain member information on an account-by-account basis: Usernames, email addresses, and IP addresses. There is no evidence that the hacker had access to our database or the full table of user information.
We believe that the hacker was not able to see your passwords -- not even in encrypted format. But even if the hacker was not able to see your passwords, they may have been able to over-write passwords for some accounts. Put another way: The hacker doesn't know what your password was, but the hacker might have changed it to something that they did know. That is why we are requiring all members to change their passwords now that the site is back online.
We can say for certain that donor data, such as credit card numbers or addresses, were not compromised because that information is handled by PayPal and never passes through to our servers.
As most of you know, we have three employees at Democratic Underground, and only one of us (Elad) is a real programmer who could do the complicated back-end coding to deal with the hack. If our goal was to simply plug the specific vulnerability exposed in the hack, the site would likely have been back online in a couple days. But because we know that there is a sufficiently motivated and skilled individual somewhere out there who has already vandalized our website, we did a much more comprehensive security review to identify similar vulnerabilities to the one exposed in the hack.
We would be remiss if we did not recognize the invaluable assistance which DU member Lithos has provided during this security review. We are very grateful for his help. Thank you, Lithos.
We have updated the site on two levels: Elad has been fixing some of the code in our forum software (with help from Lithos), and we have been working with our web host to implement a higher level of security on their end. Now that the site is back up, we are temporarily limiting access to the site to Star Members only. We are taking this precaution because we want to make sure that we are receiving only legitimate traffic during the next couple days while our new security software learns what is legitimate traffic to the site. This limited opening period should only last two or three days.
We know that this has been a long and frustrating process, and the timing could not have possibly been worse. Thank you again for your patience and understanding. And thank you for the tremendous outpouring of encouragement we have received from so many of you.
--The DU Administrators
Eleanors38
(18,318 posts)Skinner
(63,645 posts)But we'll see what we can do.
yuiyoshida
(42,767 posts)the question you posted, while DU was down. I think what many people had to say was really important and very impressive.
Travis_0004
(5,417 posts)You can use something like TOR, and or a VPN. DU admins can trace an IP address and might just find out that it was out of Hong Kong (just as an example). This doesn't mean that the user is in Hong Kong, he could be anywhere. You have to go to the last server he used (likely a VPN server)
You could ask the VPN to hand over the IP address, but this has problems
The VPN operator won't give it to you.
The VPN operator CANT give it to you (its encrypted, and they can't open it)
The log never existed at all, or at least doesn't exist in a usable form (yeah, here is the list of the 6,000 active users on our service when you were hacked)
Even if the IP log was sitting on the CEO's desk, his business is to keep things like that private. He isn't giving it up. And the Hong Kong courts don't care (they wouldn't give up Edwin Snowden, they are not going to comply with a court order from the US. And remember, what you are tying to get very very likely doesn't exist.
babylonsister
(171,640 posts)In_The_Wind
(72,300 posts)[img][/img] Welcome back DU!
jg10003
(1,029 posts)mopinko
(71,869 posts)it is apparent to me that the cheeto campaign actually had a good idea of how it was going to go down. you didnt need polling to tell you this would be close.
so what do thugs do when the going gets tough? why, they cheat.
i cant help thinking that du's history of digging into stinky election results was the reason for the hack. i think that recent history has told us that when numbers are cock-eyed, there is a cheat in there somewhere. hillary winning the popular vote but loosing the election could be legit, but that is quite a needle to thread.
i noticed on msnbc today that they were talking about how the voting went, where the surges were, where they got those extra votes. they mentioned that "there was a big surge late in the day". now, that happens ferrealz. but it also happens when the cheater figure out how many votes they need to stuff. they always do that late in the day.
i'm not sayin, i'm just sayin.
this really deserves serious scrutiny.
but holy hell am i glad you guys are back. thanks so much for sticking it out. i certainly would have been conflicted about going to all that work for such a crazy bunch.
du forever.
herding cats
(19,615 posts)I was going to email it to you, then I realized how busy you must be at the time.
Adieu, Progressive Internet?
P.S. I had to delete the "http://" again in the code before linking.
sheshe2
(87,705 posts)I vote for a raise for Elad. Plus EarlG got me back on tonight, problem with my email.
Thanks to you all.
lillypaddle
(9,605 posts)EarlG got me back on, problem with my email. Thanks to all of you for your hard work. Felt like I was without a lifeline.
Kudos, gents ...
CTyankee
(65,091 posts)it's been a rough week for us liberals...somewhere in my head I hear the strains of Willie Nelson singing "...but life goes on..."
steve2470
(37,468 posts)lastlib
(24,947 posts)Last edited Fri Nov 18, 2016, 09:00 PM - Edit history (1)
We definitely APPRECIATE all you've done!
God, I missed this place the past week. It's my only support at times like this. I will happily contribute to a reward fund for info leading to the arrest, conviction and hanging of the pond-scum that hacked us! I know you guys had a lot of headaches and long hours fixing this shit-stain's attack. I would personally like to beat the holy fuck out of him. I really think you guys should pull in the FBI on this--though I doubt that effin' SOB Comey would be very helpful.
Sunlei
(22,651 posts)The security company who worked on DNC file theft isn't very expensive & they directly work with FBI internet crime division. There is of course no charge to file the crime with FBI and Justice Dept.
friendly_iconoclast
(15,333 posts)Initech
(102,085 posts)Apparently there's a group called "Legions Of Pepe" was taking credit for the attack. It was being bragged about on the Ron Paul Forums. It looks like the page was taken down but that's pretty alarming that I found that.
And fuck Ron Paul!
Lithos
(26,462 posts)Pepe the front is a symbol of the alt-right, particularly those who hang out on 4Chan and Reddit. They have generically also been calling themselves (and been referred to) as the Pepe Legion.
Joe Bacon
(5,167 posts)Mac Tonight has also been turned into a symbol of anti-Semitism along with Pepe. So sad that since Trump stole the Presidency hate graffiti is spreading around my neighborhood in Los Angeles.
Initech
(102,085 posts)Social media has been unbearable since it happened. Gonna be a long four years.
grantcart
(53,061 posts)Thanks for getting us back up and thanks for returning DU to a sensible identity.
Question: Why wasn't the hack covered more in the news. Were you intentionally trying to keep a low profile? I would have though I would have seen it discussed somewhere but missed it.
Thanks again.
steve2470
(37,468 posts)Some of the commenters are pretty RW, so fyi.
Mr.Bill
(24,813 posts)It went down at the same time.
As far as I'm concerned, you should leave it down. While it showed some promise at first, it had turned into a cesspool of sock puppets, alt-right trolls and assholes. The few decent people who were there I assume can still post here, like myself.
groundloop
(12,306 posts)Mr.Bill
(24,813 posts)At least my dog thinks so.
dubyadiprecession
(6,362 posts)I saw the GOD Emperor message and voted to hide it. Then the DU site started to crumble shortly after that with the content of trump in the passenger seat of a limousine pointing a gun.
It was a bad sign for a horrible night.
SCRUBDASHRUB
(7,258 posts)Madam45for2923
(7,178 posts)napkinz
(17,199 posts)Have our computers been compromised? (in terms of viruses and malware)
Plus isn't it dangerous if all the members' IP addresses have been obtained?
(This is my first day back since the election and I'm concerned. Thank you for any input.)
Response to Skinner (Original post)
Name removed Message auto-removed
Skinner
(63,645 posts)But we need to deal with DU first.