Has ImageShack been HACKED?

**DrakenViator** · 07-10-2009, 11:49 PM

So I was looking over the forums at Game Artisans when what was once picture of a work in progress (WIP) was replaced by THIS:

(media files)

On further looking two or three WIP's had been replaced by this same 'image' or rather manifesto. Each copy is a fully diffrent link and it almost looks like whoever took charge just replaced every image on ImageShack with this rant. I tried a few news sights but nothing is listed at this time. Does any one have any clue as to what is going on?

~ Draken

**DrakenViator** · 07-11-2009, 12:33 AM

Found some info on the ImageShack Forums... All times are GMT

Quote:

Today, 02:19 AM gwenhaven
Junior Member Join Date: Jul 2009 Posts: 1

It's definitely been hacked now, by Antisec. Bastards messed with my image files and slipped their own image in so it filled my forum where I was posting images with their crap.
Not using this hosting site any more. sad.

Quote:

#4 Old Today, 02:21 AMgeisha_punk
Junior Member Join Date: Jul 2009
Location: the windy city Posts: 5

Yeah I go on message boards where most images are uploaded from here cause it's reliable but now since it's been hacked, allllllllll those images are replaced with that stupid message. It's horrible, the forums I frequent have that nasty image.

Quote:

#5 Old Today, 02:31 AM iBorg
Junior Member Join Date: Jul 2009 Posts: 4

So...basically we're out of luck?

Quote:

#6 Old Today, 02:39 AM dewdude420
Junior Member Join Date: Jul 2009 Posts: 1

Yes/no.

None of your images were deleted. The first thing I did was log in to look. I seemed to notice a few things...for starters, I had a lot of blank images I didn't have before...and there were several copies of the anti-sec message.

I can't determine exactly WHAT they've done. Some of the image thumbnails looked like they weren't completely uploaded..but when you click for the info the image doesn't show up properly..but fills the background of the entire box. I suspect they may have looked at what images were being accessed externally the most and targeted those images.

The images are just there...the filenames have just been changed.

Jaman · 07-11-2009, 12:39 AM

Came across a PC World article on the group http://www.pcworld.com/businesscente...st_a_hoax.html

**DrakenViator** · 07-11-2009, 12:42 AM

First paragraph says it all...

Quote:

The program, called OpenSSH (Secure Shell), is installed on tens of millions of servers made by vendors such as Red Hat, Hewlett-Packard, Apple and IBM. It is used by administrators to make encrypted connections with other computers and do tasks such as remotely updating files.

~ Draken

rolypoly · 07-11-2009, 03:16 AM

I saw that too when i am about to view a big boobs girl pic posted by my friend on a forum..

so was it hacked or??

**DrakenViator** · 07-11-2009, 04:24 AM

Quote:

Originally Posted by rolypoly

... so was it hacked or??

It looks like it, but no official word as to when or how. All that is know is that a group called "Anti-sec" somehow replaced a lot of images with their own manifesto. Considering this cyber-attack is less then 12 hours old at time of post (First reports seem to be at or around 22:00 - 23:00 EDT) I would wager that the 'crisis team' is only now starting to get into full swing. There have been conflicting reports of this issue as still spreading, while others say they have regained access to their files.

For all I know ImageShack could be under continued assault as we speak, or is in cleanup mode. In short I think we have our 'big' news topic for the next few days as more details emerge.

~ Draken

**DrakenViator** · 07-11-2009, 01:33 PM

Quote:

Sami Hartsfield - Houston Legal Issues Examiner

Here’s the deal: Anti-Sec guys are apparently wholly against the idea of “full disclosure.” What’s that, you ask? According to the rogue group, it’s the security industry practice of making publicly available all security vulnerabilities in order to, as in the example above, enrich itself by selling yet more security software, firewalls, ad nauseum. But, so the gripe by Anti-Sec goes, by making public this security vulnerability information, “genuine” hackers can use it to further their malicious ways, thereby causing all us grief and to, well, buy more security and anti-virus software. It’d be like the United States government publishing top secret security vulnerabilities at nuclear power plants, thereby practically forcing us to buy their nuclear-proof spacesuits. That’s a far-fetched analogy, but you get the gist.

So the Anti-Sec Movement proposes – indeed, they promise -- to hack any and all such alleged perpetrators with its perceived impunity, ostensibly in order to stop the perps from “full disclosure.”

Following is a part of the Anti-Sec message (link withheld):

Quote:

Originally Posted by Anti-Sec

Check list / Goals:
Take down every public forum, group, or website that helps in promoting exploits and tools or have show-off sections.
Publish exploits rigged with /bin/rm to whitehats, let them rm their own boxes for you.
Spread the anti-security movement.

-----[ Rules of Engagement:

Don't get too cocky.
Don't underestimate anyone.

Also:
F**k full-disclosure
~ F**k the security industry
~ Keep 0days private
~ Hack everyone you can and then hack some more
Blend in.
Get trusted.
Trust no one.
Own everyone.
Disclose nothing.
Destroy everything.
Take back the scene.
Never sell out, never surrender.
Get in as anonymous, Leave with no trace.

So basically if I read this right they are upset because people are exposing holes in security forcing the security companies to close those holes and making it harder for them to hack peoples stuff. Or rather that by publishing these gaps and making them known more people have access to the hacks. Now they say it is just so that they can 'protect us from the masses' once the threats are published but before a patch is made, and to 'protect us' from the security industry who are trying to 'scare us into submission,' but seriously WTF?

'Let's pretend that there is no threat that way we can all live happy lives!' Look in situations where the odds of the event are rare (Lets say WWIII) yes you're correct there really is no point in worrying about it 24/7 preparing for something that may never come. But with computer security, what something like every couple of seconds, a computer someplace in the world is either hacked or infected by some kind of bug. The fact is computer security is a REAL threat and needs to be addressed.

I'll have to review some of my old tech magazines that I have laying around, but if memory serves the reason we have 'full-disclosure' is because the way it used to be was if a bug or exploit was reported in private it was often brushed under the rug. The thought was if no-one knows about the exploit then we don't have spend money to fix it. In short companies didn't care about security unless it became a widely known issue, hence full-disclosure, a way for force companies into fixing their code.

Now I know that this can create other issues as well, such as: Most companies will work to fix any 'major' threats at all times despite if it is publicly known or not. There have been times where a firm was aware of the threat and working on the solution only to have the problem compounded by the exploit being leaked out. In this regard I see some logic in Anti-sec's claim, if only a VERY little. What they don't say is if they support disclosing hack/exploits privately to companies or if they want to hoard them all for themselves thus, my first argument they want to keep the 'back doors' open but only for themselves.

~ Draken

**kevlarorc** · 07-12-2009, 07:33 PM

I'm seeing several of my images missing from ImageShack today, I don't know if it is related to this.

**Jeepo_SAS** · 07-13-2009, 09:11 AM

Same here, I can only assume it is.