securitybreach Posted February 12, 2019

Holy crap:

"Hackers have breached the servers of email provider VFEmail and wiped the data from all its US servers, destroying all US customers' data in the process. The attack took place yesterday, February 11, and was detected after the company's site and webmail client went down without notice.

"At this time, the attacker has formatted all the disks on every server," the company said yesterday. "Every VM is lost. Every file server is lost, every backup server is lost."

"This was more than a multi-password via SSH exploit, and there was no ransom. Just attack and destroy," VFEmail said.".....

It is rare that hackers take steps to wipe out an entire company's data. Most attacks usually end up with hackers using compromised servers for other attacks (like running botnets or hosting malware), or with hackers asking for a ransom payment from hacked victim

https://www.zdnet.co...ovider-vfemail/

I have a feeling that this was state sponsored due to the fact that they didn't ask for any ransom. Only a script kiddie would do that and it was something that would probably take a team to accomplish. No one would do this without wanting a payout of some sort. Then again, someone could have used their servers for something malicious and then deleted their tracks. Who knows...
crp Posted February 13, 2019

Only one backup?
securitybreach Posted February 13, 2019

I do not know, as they mentioned that the backups were destroyed as well. Not a lot of info has come out about the whole ordeal.
V.T. Eric Layton Posted February 13, 2019

VFEmail? Never heard of it.

That would get really ugly if they did that with a popular email provider like Gmail or Yahoo or an ISP mail like AOL/Verizon.
securitybreach Posted February 13, 2019

> VFEmail? Never heard of it.

Yeah, me neither
zlim Posted February 13, 2019

> Founded in 2001 and based in Milwaukee, Wisc., VFEmail provides email service to businesses and end users.

Source: https://krebsonsecurity.com/2019/02/email-provider-vfemail-suffers-catastrophic-hack/

Looks like they tried to wipe more.

> Two hours later, VFEmail tweeted that it had caught a hacker in the act of formatting one of the company’s mail servers in The Netherlands.
Pete! Posted February 13, 2019

> VFEmail? Never heard of it. That would get really ugly if they did that with a popular email provider like Gmail or Yahoo or an ISP mail like AOL/Verizon.

> > VFEmail? Never heard of it.
>
> Yeah, me neither

That's what was good about it. It was a decent email provider, and most hackers hadn't ever heard of it.

I used to use it as my main/default, but eventually the spammers discovered it, and some ISPs would occasionally block it.

Looks like the spammers did me a favor, I got a new default in 2014.
Pete! Posted February 13, 2019

They gave us a new POP server. It appears to work. Webmail is working but it's apparently a new mailbox.

Instructions are on their incident page https://www.vfemail.net/incident.php

If you use IMAP, read the instructions, before you do anything.

I already told people not to use my VFEmail address. I think I'll leave it that way for now.

Edited February 13, 2019 by Pete!
securitybreach Posted February 13, 2019

Wow, I had never even heard of them before the breach.
Pete! Posted February 13, 2019

They just lost their only claim to fame. They haven't got the virus filters back up yet.
securitybreach Posted February 13, 2019

> They just lost their only claim to fame. They haven't got the virus filters back up yet.

What did they claim?
Pete! Posted February 13, 2019

The VF in VFEmail stood for "virus free". "Back in the day" they were one of the only ones advertising free email with virus scanning.

They also provided a non-standard SMTP port at a time when most ISPs blocked port 25. That was a good feature back in the days of 'free dial-up' when people were constantly changing ISPs, or using more than one ISP to get around time limits some of them imposed.
securitybreach Posted February 13, 2019

> The VF in VFEmail stood for "virus free". "Back in the day" they were one of the only ones advertising free email with virus scanning. They also provided a non-standard SMTP port at a time when most ISPs blocked port 25. That was a good feature back in the days of 'free dial-up' when people were constantly changing ISPs, or using more than one ISP to get around time limits some of them imposed.

I was around and on computers back then, but I generally used CompuServe or Prodigy and then EarthLink later on.
Cluttermagnet Posted February 20, 2019

> Founded in 2001 and based in Milwaukee, Wisc., VFEmail provides email service to businesses and end users.
>
> Source: https://krebsonsecur...astrophic-hack/
>
> Looks like they tried to wipe more.
>
> Two hours later, VFEmail tweeted that it had caught a hacker in the act of formatting one of the company’s mail servers in The Netherlands.

The Krebs article was fascinating. Thanks, Liz! I read the comments all the way to the end. My reaction- the commenter who suggested someone was trying to eliminate evidence may have nailed it. A lot of that going on in recent years. But the usual problem is that so many 'crumbs' are left scattered around when someone tries to eradicate records. Probably a lot of emails locally cached in individual desktops and servers. It would be difficult but not impossible to partially recover some small part of the whole. Perhaps one would start with a complete list of subscribers to that service (if one still exists!) It strikes me that no one short of a major govt investigative agency would have the resources, however.

Sounds like some actor- and I'm betting state actor here- felt they needed to put a stake through the heart of this service, especially as they assessed that it would be fairly easy and thoroughly devastating to do so. While not ruling out sheer malice here, it sounds like a far deeper and more sinister purpose was in play IMO...

Yikes! Was that service really set up that shaky and vulnerable?

Clutter
securitybreach Posted February 20, 2019

I agree with your assessment, Clutter.

Well, except for this part:

> It strikes me that no one short of a major govt investigative agency would have the resources

I think that would be the opposite, as it's easier for a private organization to pull together resources as they do not have to deal with all the red tape and inter-agency problems.
Pete! Posted February 20, 2019

> .........Perhaps one would start with a complete list of subscribers to that service (if one still exists!) ......

I suspect that they do. All it took to re-create my account (without the contents) was logging into the webmail, on the "nl101.vfemail.net" server. They had (at least) the usernames and passwords left.

However, users of the free accounts really had no reason to use their real names and addresses when registering.
Cluttermagnet Posted February 26, 2019

> I agree with your assessment, Clutter.
>
> Well, except for this part:
>
> > It strikes me that no one short of a major govt investigative agency would have the resources
>
> I think that would be the opposite, as it's easier for a private organization to pull together resources as they do not have to deal with all the red tape and inter-agency problems.

Ahhh, point well taken... Yep, I think you're right about that!
goretsky Posted March 2, 2019

Hello,

I think a state actor would be more targeted; their modus operandi is usually to slip in unnoticed, and make changes so that it seems they were never there. This seems, not clumsy, but, well, attention-generating. It may have been an act by a commercial entity in an attempt to cover their tracks, or an attempt of some sort to send a message, although what that might be and who it was for may never be known.

Regards,

Aryeh Goretsky
Pete! Posted March 11, 2019

I was unable to login this morning, neither by webmail nor email client.

The "Incident page" doesn't have any entries newer than 2/17/19, so I don't have a clue about what happened.
zlim Posted March 11, 2019

I see there are 2 login pages

https://www.vfemail.net/horde5/login.php

https://www.vfemail.net/roundcube/

Did you try both?
Lost Posted March 12, 2019

> I was unable to login this morning, neither by webmail nor email client.

I experienced the same thing yesterday morning with their webmail. It came back online later in the day and seems to be working fine today.
Pete! Posted March 12, 2019

Yes, it's wo

> I see there are 2 login pages
>
> https://www.vfemail....orde5/login.php
>
> https://www.vfemail.net/roundcube/
>
> Did you try both?

Actually (depending on how you count) five ways. I tried webmail on both servers, both ways each. I also have Thunderbird set up for their new server. Since the webmail didn't work on either server, I didn't try changing it back to the old server. I'm not counting on it anymore, so my interest was only curiosity.

> I experienced the same thing yesterday morning with their webmail. It came back online later in the day and seems to be working fine today.

Yes, it's working now. Both Horde5 and RoundCube on the web as well as via the Thunderbird client (all using nl101.vfemail.net).

There are NO new entries on the "incident page".