Boards.ie Attack - What Happened? Please post all questions here.

DublinWriter

As someone who runs a much smaller vb site, I'd be interested in knowing how the attack worked, whether through vb, mysql or something more insidious.

Hopefully Boards will be able to share the information with the wider community at some point in the future.

Conor

DublinWriter wrote: »

As someone who runs a much smaller vb site, I'd be interested in knowing how the attack worked, whether through vb, mysql or something more insidious.

Hopefully Boards will be able to share the information with the wider community at some point in the future.

We'll release more details later.

For now, just do the usual: keep up to date, choose strong passwords, restrict accounts to the lowest level of permissions that they need, etc.

Scrumpy Jack

Conor wrote: »

We'll release more details later.

For now, just do the usual: keep up to date, choose strong passwords, restrict accounts to the lowest level of permissions that they need, etc.

Do we get to know what Admins account was compromised or will that be kept under hat like Governments do? No "need for people to know that information" as it has no merits.

I am all out of sound bites

" We'll release more details later"

muffler

Scrumpy Jack wrote: »

Do we get to know what Admins account was compromised or will that be kept under hat like Governments do? No "need for people to know that information" as it has no merits.

I am all out of sound bites

" We'll release more details later"

Have you read anything that has been posted in this thread? There is a Garda investigation in place among other things and surely you would appreciate that details cant be posted until all investigations are concluded.

KoolKid

From the start Boards.ie have been very open about everything that happened. No doubt they will disclose more when the time is right. Untill then there is no point in keeping asking.

randylonghorn

Scrumpy Jack wrote: »

Do we get to know what Admins account was compromised or will that be kept under hat like Governments do? No "need for people to know that information" as it has no merits.

I don't mean to sound like a dick, but why would that specific piece of information matter to anyone bar the HQ team?

Nor do I see why Boards would / should be expected to be accountable / transparent in the same way as we have a right to expect our govt. to be (though it never happens).

I would be in favour of the details of the "crack" being given out on a "need to know" basis, i.e. given to admins of other mesage boards using the same application.

There is no real need to provide details to everyone, otherwise there is a risk that the wrong people could obtain sufficient information to crack other sites.

After all you don't show everyone how the lock on your car was picked!

jimmycrackcorm

Darragh wrote: »

Can you email me again right now and I'll sort it for you please? Hello@boards.ie

Not trying to be cranky or unappreciative of the effort to reunite accounts - but how many emails do I have to send or reply to to get fixed up?

Bonito

jimmycrackcorm1 wrote: »

Not trying to be cranky or unappreciative of the effort to reunite accounts - but how many emails do I have to send or reply to to get fixed up?

http://www.boards.ie/vbulletin/showthread.php?t=2055819494

http://www.boards.ie/vbulletin/showpost.php?p=64322363&postcount=15

u jus missed the admins earlier

Darragh

jimmycrackcorm1 wrote: »

Not trying to be cranky or unappreciative of the effort to reunite accounts - but how many emails do I have to send or reply to to get fixed up?

Just the one with your username, your old username and the details of proof of ownership and we'll get to it as soon as we can. Sincere apologies for the delay - it's honestly as frustrating for us.

Darragh

jimmycrackcorm wrote: »

Not trying to be cranky or unappreciative of the effort to reunite accounts - but how many emails do I have to send or reply to to get fixed up?

Hey there, you should be sorted now. Again, massive apologies for the delay.

Darragh

seamus

Darragh, how many mails have you received since the 22nd and how many have you got now?

Might be useful to give people an idea of the scale of what you've had to deal with

Darragh

Hey Seamus, good question.

We're up over 2,500 - we've dealt with a good 600 of those between the Friday we came back up and today, but it's a very manual process, and can take up to 5 minutes per member.

The process at the moment is:

1. Member emails in with query but doesn't give all the details we need
2. We get back to them
3. They come back
4. We reunite them with their account

The quickest ones to respond to are the ones that give us their original username and all the details requested here.

We also, people should understand (please and thanks), have all of our other day-to-day work to do, emails to answer, meetings to attend etc. This is our priority and while it's not happening as quick as either Dav or I would like, it is happening and people's patience is appreciated.

If people do want to post on Boards.ie, they can set up an alternate account and we will merge this back into their original account when sorting it out. They should mention that in their emails.

Hope that helps!

Darragh

TheLargerBowl

Hey, have sent all that info twice now (as soon as the post went up about what info was required, and in reply to an email requesting it), but still haven't heard anything back since then.

Victor_M

If it's any consolation, I had no appreciation for how dependant I was on boards every day until the site went down, so much so I subscribed as soon as you came back online.

I was over due a password refresh across the board anyway!

jimmycrackcorm

Darragh wrote: »

Hey there, you should be sorted now. Again, massive apologies for the delay.

Darragh

Big thanks to Darragh, obviously a Liverpool supporter because he was so on the ball - t'was my own fault though - I'd set all no_reply@boards.ie to the bin.

RoundyMooney

I move you should all buy the Two D's™ a beer each as thanks.

That should keep them going 'til oh, 2024?

The Muppet

I heard the piece on morning Ireland this morning, interesting stuff, well done to all involved.

ToadVine

I'm not sure if this is the place to post this, and I have not read the entire thread, but I thought this might be of interest.

http://www.timesonline.co.uk/tol/news/world/ireland/article7026385.ece

"A computer hacker in Latvia was behind last month’s cyber attack on boards.ie, which resulted in the theft of data associated with thousands of its users.

The hacker has already used stolen passwords and email addresses to access credit from gambling websites, but the full scale of his activities is not yet clear. Gardai believe the theft of email addresses, passwords and other data, raises the prospect of long-term identity fraud, which could take more than a year to become known to a victim....
The cyber crime, the biggest in the history of the state, is the subject of an international inquiry involving Interpol, the Garda Bureau of Fraud Investigation (GBFI) and the Latvian police."

Basq

Is the above piece true? If so.. it's a bit lousy that reporters at The Times Online learned of it before the loyal and dedicated users of this site.

To quote my father - "I'm not annoyed.. I'm just disappointed!"

Steve

Interesting.

Just to re-iterate that boards.ie does not have any credit card or bank account information in it's database so if what the article says is true then it's because the criminals were able to determine peoples passwords to their online banking or credit card accounts because they happened to use the same one for everything. Not clever in this day and age.

* the above is personal opinion and in no way represents any official statement by boards.ie.

Darragh

O

basquille wrote: »

Is the above piece true? If so.. it's a bit lousy that reporters at The Times Online learned of it before the loyal and dedicated users of this site.

To quote my father - "I'm not annoyed.. I'm just disappointed!"

Basquille and everyone else, there's an ongoing criminal investigation. We are working with the Garda Computer Crime Unit on this and taking their advice on what we do and don't confirm.

The Sunday Times article was not published with our "approval" (can't think of a better word) or collaboration. We have, from the beginning, been direct, honest and fortright about the incident and maintain that transparency where possible and legally appropriate.

I'm sorry anyone is disappointed to read the article. It wouldn't be how we'd give you news either.

DeVore

The article is not particularly accurate either.

We have been working with the Gardai and they asked us to constrict the information we released. We were informed of this piece a 2ish on Saturday afternoon and after a hurried conversation with the gardai, during which we suggested releasing this information first, they asked us not to. This is an extremely sensitive investigation which is only in its infancy but I'll say more when I can.

There are many many arcs to this tale and unfortunately we can only tell you some of them at the moment.

DeV.

EKRIUQ

basquille wrote: »

Is the above piece true? If so.. it's a bit lousy that reporters at The Times Online learned of it before the loyal and dedicated users of this site.

To quote my father - "I'm not annoyed.. I'm just disappointed!"

Boards.ie now is not just a community website it also a partly commercial driven website as there's plenty of bills to pay. By releasing the information The Times had I'm sure would do more damage than good to the website as it could damage confidence by the users and members of the website. The owners have to look after the best interest of the site.

Darragh

... or have to comply with a Garda investigation and their requests.

The Sunday Times was asked not to publish the article because of the investigation and declined the request.

Jonathan

Darragh wrote: »

... or have to comply with a Garda investigation and their requests.

The Sunday Times was asked not to publish the article because of the investigation and declined the request.

Where did they get the information in the first place?

Gordon

Darragh wrote: »

... or have to comply with a Garda investigation and their requests.

The Sunday Times was asked not to publish the article because of the investigation and declined the request.

/strikes the times off my shopping list

Darragh

Jonathan wrote: »

Where did they get the information in the first place?

Good question.

AckwelFoley

The Times makes money publishing stories.Its what they do.


Am i suprised they published the story despite been asked not to?

No, if they complyed with the requests of everybody they would probably never post an article based on a criminal investigation

Do i believe that the hacker took credit card details of users from boards.ie? Absolutey not... have you ever tried to donate to boards.ie related charities or subscribe? Afaik, they use a third party.

Lollipops23

Gordon wrote: »

/strikes the times off my shopping list

+1

It's insane that they can get away with publishing something that could potentially comprimise a criminal investigation. Like,I'm all for bringing this stuff to the public's attention but not at the expense of the case!