Hackers wipe US servers of email provider VFEmail


21 replies to this topic

#1 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,268 posts

Posted 12 February 2019 - 07:49 PM

Holy crap:

Quote

"Hackers have breached the servers of email provider VFEmail and wiped the data from all its US servers, destroying all US customers' data in the process. The attack took place yesterday, February 11, and was detected after the company's site and webmail client went down without notice.

"At this time, the attacker has formatted all the disks on every server," the company said yesterday. "Every VM is lost. Every file server is lost, every backup server is lost." "This was more than a multi-password via SSH exploit, and there was no ransom. Just attack and destroy," VFEmail said.".....


It is rare that hackers take steps to wipe out an entire company's data. Most attacks usually end up with hackers using compromised servers for other attacks (like running botnets or hosting malware), or with hackers asking for a ransom payment from hacked victim

https://www.zdnet.co...ovider-vfemail/

I have a feeling that this was state sponsored due to the fact that they didn't ask for any ransom. Only a script kiddie would do that and it was something that would probably take a team to accomplish. No one would do this without wanting a payout of some sort. Then again, someone could have used their servers for something malicious and then deleted their tracks. Who knows...
Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#2 OFFLINE   crp

crp

    Discussion Deity

  • Members
  • 3,139 posts

Posted 12 February 2019 - 10:30 PM

only one backup?
Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience. ~C. S. Lewis

#3 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,268 posts

Posted 12 February 2019 - 10:53 PM

I do not know as they mentioned that the backups were destroyed as well. Not a lot of info has come out about the whole ordeal.

#4 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,627 posts

Posted 13 February 2019 - 08:31 AM

VFEmail? Never heard of it.

That would get really ugly if they did that with a popular email provider like Gmail or Yahoo or an ISP mail like AOL/Verizon. :(

#5 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,268 posts

Posted 13 February 2019 - 08:34 AM

V.T. Eric Layton, on 13 February 2019 - 08:31 AM, said:

VFEmail? Never heard of it.

Yeah, me neither :ermm:

#6 OFFLINE   zlim

zlim

    It's me, plodr

  • Forum MVP
  • 7,185 posts

Posted 13 February 2019 - 10:09 AM

Quote

Founded in 2001 and based in Milwaukee, Wisc., VFEmail provides email service to businesses and end users.
Source: https://krebsonsecur...astrophic-hack/

Looks like they tried to wipe more.

Quote

Two hours later, VFEmail tweeted that it had caught a hacker in the act of formatting one of the company’s mail servers in The Netherlands.

Liz
Registered Linux User # 401459

#7 OFFLINE   Pete!

Pete!

    Message Mogul

  • Members
  • 315 posts

Posted 13 February 2019 - 10:12 AM

V.T. Eric Layton, on 13 February 2019 - 08:31 AM, said:

VFEmail? Never heard of it.

That would get really ugly if they did that with a popular email provider like Gmail or Yahoo or an ISP mail like AOL/Verizon. :(

securitybreach, on 13 February 2019 - 08:34 AM, said:

V.T. Eric Layton, on 13 February 2019 - 08:31 AM, said:

VFEmail? Never heard of it.

Yeah, me neither :ermm:

That's what was good about it. It was a decent email provider, and most hackers hadn't ever heard of it.

I used to use it as my main/default, but eventually the spammers discovered it, and some ISPs would occasionally block it.
Looks like the spammers did me a favor, I got a new default in 2014.

#8 OFFLINE   Pete!

Pete!

    Message Mogul

  • Members
  • 315 posts

Posted 13 February 2019 - 04:53 PM

They gave us a new POP server. It appears to work.
Webmail is working but it's apparently a new mailbox.
Instructions are on their incident page https://www.vfemail.net/incident.php
If you use IMAP, read the instructions, before you do anything.

I already told people not to use my VFEmail address. I think I'll leave it that way for now.

Edited by Pete!, 13 February 2019 - 05:54 PM.


#9 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,268 posts

Posted 13 February 2019 - 05:24 PM

Wow, I had never even heard of them before the breach.

#10 OFFLINE   Pete!

Pete!

    Message Mogul

  • Members
  • 315 posts

Posted 13 February 2019 - 05:55 PM

They just lost their only claim to fame.
They haven't got the virus filters back up yet.

#11 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,268 posts

Posted 13 February 2019 - 06:11 PM

Pete!, on 13 February 2019 - 05:55 PM, said:

They just lost their only claim to fame.
They haven't got the virus filters back up yet.

What did they claim?

#12 OFFLINE   Pete!

Pete!

    Message Mogul

  • Members
  • 315 posts

Posted 13 February 2019 - 06:42 PM

The VF in VFEmail stood for "virus free". "Back in the day" they were one of the only ones advertising free email with virus scanning.

They also provided a non-standard SMTP port at a time when most ISPs blocked port 25. That was a good feature back in the days of 'free dial-up' when people were constantly changing ISPs, or using more than one ISP to get around time limits some of them imposed.

#13 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,268 posts

Posted 13 February 2019 - 06:44 PM

Pete!, on 13 February 2019 - 06:42 PM, said:

The VF in VFEmail stood for "virus free". "Back in the day" they were one of the only ones advertising free email with virus scanning.

They also provided a non-standard SMTP port at a time when most ISPs blocked port 25. That was a good feature back in the days of 'free dial-up' when people were constantly changing ISPs, or using more than one ISP to get around time limits some of them imposed.

I was around and on computers back then but I generally used CompuServe or Prodigy and then EarthLink later on.

#14 OFFLINE   Cluttermagnet

Cluttermagnet

    Nocturnal Radio Geek

  • Forum MVP
  • 3,871 posts

Posted 20 February 2019 - 07:32 AM

zlim, on 13 February 2019 - 10:09 AM, said:

Quote

Founded in 2001 and based in Milwaukee, Wisc., VFEmail provides email service to businesses and end users.
Source: https://krebsonsecur...astrophic-hack/

Looks like they tried to wipe more.

Quote

Two hours later, VFEmail tweeted that it had caught a hacker in the act of formatting one of the company’s mail servers in The Netherlands.

The Krebs article was fascinating. Thanks, Liz! I read the comments all the way to the end. My reaction- the commenter who suggested someone was trying to eliminate evidence may have nailed it. A lot of that going on in recent years. But the usual problem is that so many 'crumbs' are left scattered around when someone tries to eradicate records. Probably a lot of emails locally cached in individual desktops and servers. It would be difficult but not impossible to partially recover some small part of the whole. Perhaps one would start with a complete list of subscribers to that service (if one still exists!) It strikes me that no one short of a major govt investigative agency would have the resources, however. Sounds like some actor- and I'm betting state actor here- felt they needed to put a stake through the heart of this service, especially as they assessed that it would be fairly easy and thoroughly devastating to do so. While not ruling out sheer malice here, it sounds like a far deeper and more sinister purpose was in play IMO... Yikes! Was that service really set up that shaky and vulnerable?

Clutter
Special Limited Edition Cluttermaster 2007 with direct air cooling system.
"ClutterLabs" --open hardware for open software" .......... Registered Linux User 446867


("It takes an entire village to raise a child...")
"It takes only one bulldozer to raze an entire village..."
"Hey, Fred- isn't that your kid driving that bulldozer?"

In loving memory of Bruno Knaapen of Amsterdam, who shared
his love of Linux, and thereby made the world a better place...

#15 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,268 posts

Posted 20 February 2019 - 08:28 AM

I agree with your assessment Clutter :thumbsup:

Well except for this part:

Quote

It strikes me that no one short of a major govt investigative agency would have the resources


I think that would be the opposite as it's easier for a private organization to pull together resources as they do not have to deal with all the red tape and inter-agency problems.

#16 OFFLINE   Pete!

Pete!

    Message Mogul

  • Members
  • 315 posts

Posted 20 February 2019 - 09:59 AM

Cluttermagnet, on 20 February 2019 - 07:32 AM, said:

.........Perhaps one would start with a complete list of subscribers to that service (if one still exists!) ......

I suspect that they do. All it took to re-create my account (without the contents) was logging into the webmail, on the "nl101.vfemail.net" server. They had (at least) the usernames and passwords left.

However, users of the free accounts really had no reason to use their real names and addresses when registering.

#17 OFFLINE   Cluttermagnet

Cluttermagnet

    Nocturnal Radio Geek

  • Forum MVP
  • 3,871 posts

Posted 26 February 2019 - 07:49 PM

securitybreach, on 20 February 2019 - 08:28 AM, said:

I agree with your assessment Clutter :thumbsup:

Well except for this part:

Quote

It strikes me that no one short of a major govt investigative agency would have the resources


I think that would be the opposite as it's easier for a private organization to pull together resources as they do not have to deal with all the red tape and inter-agency problems.

Ahhh, point well taken... Yep, I think you're right about that!

#18 OFFLINE   goretsky

goretsky

    Posting Prodigy

  • Forum Moderators
  • 2,041 posts

Posted 02 March 2019 - 05:12 AM

Hello,

I think a state actor would be more targeted; their modus operandi is usually to slip in unnoticed, and make changes so that it seems they were never there.  This seems, not clumsy, but, well, attention-generating.  It may have been an act by a commercial entity in an attempt to cover their tracks, or an attempt of some sort to send a message, although what that might be and who it was for may never be known.

Regards,

Aryeh Goretsky

Dexter is a good dog.

Aryeh Goretsky
Microsoft MVP 2004.1-2018.6 [Cloud and Datacenter Management]

(previously Networking, Windows, Windows for Devices and IT)

#19 OFFLINE   Pete!

Pete!

    Message Mogul

  • Members
  • 315 posts

Posted 11 March 2019 - 09:04 AM

I was unable to login this morning, neither by webmail nor email client.
The "Incident page" doesn't have any entries newer than 2/17/19, so I don't have a clue about what happened.

#20 OFFLINE   zlim

zlim

    It's me, plodr

  • Forum MVP
  • 7,185 posts

Posted 11 March 2019 - 09:43 AM

I see there are 2 login pages
https://www.vfemail....orde5/login.php
https://www.vfemail.net/roundcube/

did you try both?
Liz
Registered Linux User # 401459

#21 OFFLINE   Lost

Lost

    New Kid

  • Members
  • 4 posts

Posted 12 March 2019 - 06:35 AM

Pete!, on 11 March 2019 - 09:04 AM, said:

I was unable to login this morning, neither by webmail nor email client.

I experienced the same thing yesterday morning with their webmail. It came back online later in the day and seems to be working fine today.

#22 OFFLINE   Pete!

Pete!

    Message Mogul

  • Members
  • 315 posts

Posted 12 March 2019 - 09:34 AM

Yes, it's wo

zlim, on 11 March 2019 - 09:43 AM, said:

I see there are 2 login pages
https://www.vfemail....orde5/login.php
https://www.vfemail.net/roundcube/

did you try both?

Actually (depending on how you count) five ways. I tried webmail on both servers, both ways each.
I also have Thunderbird set up for their new server. Since the webmail didn't work on either server, I didn't try changing it back to the old server. I'm not counting on it anymore, so my interest was only curiosity.

Lost, on 12 March 2019 - 06:35 AM, said:

I experienced the same thing yesterday morning with their webmail. It came back online later in the day and seems to be working fine today.

Yes it's working now. Both Horde5 and RoundCube on the web as well as via the Thunderbird client (all using nl101.vfemail.net).
There are NO new entries on the "incident page".
