San Francisco Chronicle

Site with alleged FBI, Homeland Security data now down

By Sean Sposito

Days after supposed FBI and Department of Homeland Security employee information appeared online, the site hosting that data is down.

CryptoBin — a service that allows users to anonymously share text — is currently accessible only through its numeric Internet protocol address. That, along with other domain statuses that appear when requesting the website’s information, suggests that the company that registered CryptoBin’s domain name has made it more difficult to find.

The registrar, eNom, referred questions about the site to the owner of the domain.

A phone number listed in CryptoBin’s site domain information was disconnected. An e-mail sent to a support address associated with CryptoBin was not returned.

The domain look-up did not reveal the name of the owner, though it did list a P.O. box in Panama.

A Department of Justice spokesman, who previously confirmed that the agency was investigating a possible breach of its systems, declined to comment when asked if the agency had anything to do with the takedown.

When users navigate to a website, they type in an address, such as www.google.com. In the background, a decentralized system of domain name servers, known as DNS, connects those alphabetic names to numeric addresses.

In the case of CryptoBin.org, the alphabetic address is dead while the numeric address — https://151.236.7.11 — has remained live.

Given the timing of the takedown, there are obvious guesses as to who might be behind it, said Brian Martin, the director of vulnerability intelligence at Risk Based Security in Richmond, Va.

“The most likely thing is that either (eNom) themselves or the feds said: ‘Yank their DNS, so people can’t easily get to that site,’” he said.

“That could be triage to help slow the leak of the information, but it seems just as likely that the feds could get a takedown order.”

Martin added that if CryptoBin.org is hosted outside the U.S., as its domain registration information suggests, that legal process could take time.

On Monday morning, the cache of records was accessible to anyone who used the password “lol.” The page hosting the data appeared to have been taken down by Tuesday afternoon. On Wednesday morning, Risk Based Security confirmed that the entire site was offline.

“The department is looking into the unauthorized access of a system operated by one of its components containing employee contact information,” the Justice Department spokesman said in an e-mail Monday.

“This unauthorized access is still under investigation.”

Vice broke news of the supposed breach, but declined to identify the hacker who claims to be behind it.

The Twitter account that initially published the location and password associated with that information posted Tuesday: “Anyone got a good lawyer ?!?!?”

That was the account’s last tweet.

According to CryptoBin’s registry information, the domain was created in April 2011 and last updated Tuesday. Similar to the more popular service Pastebin, CryptoBin let users share text; its contents are protected by passwords.

In the past, hackers have reportedly used the service to release similar data.
