The Cryptome whistleblowing website was hacked last weekend in an attack that could have compromised sensitive data, possibly including the email addresses of top secret sources for leaks sent to the site.
According to Wired, which was contacted by the ‘Kryogeniks’ hacker who claimed to be behind the attack, the hack stripped the site of a claimed 6.8 Terabytes of data after breaking into an email account belonging to Cryptome founder, John Young.
How much if any damage has been done to the site is unclear. In emails sent to Wired, Cryptome has disputed the volume of data copied, and has taken a hardball stance on possible hacking crimes committed. Cryptome also said that the sited has reinstated the missing content from backups.
Cryptome has since responded to the article on its website.
“John Young told Zetter [Wired reporter] to report that Cryptome has no objection to rummaging through Cryptome material, it is all open source, but that the crimes of accessing private email, the ISP account and John Young's computer system will be pursued,” it read.
"We will burn the hacker's ass for that," Young was quoted as having told the Wired reporter. "Be sure to print that."
Cryptome said that it planned to subpoena the Wired reporter as a witness to possible federal crimes.
A particularly awkward element of the affair is the hacker’s claim to have seen the email addresses of people said to have sent Cryptome damaging tips on the inside affairs of Wikileaks and its founder, Julian Assange. The hacker claims that at least some of these contacts appear to be from Wikileaks’ staff.
“Their privacy is to be respected, and they will not be exposed or compromised. We believe in preserving the system of transparency that Cryptome and other websites represent,” the hacker is quoted as saying.
Apart from the fact that a hack took place at Cryptome, removing a disputed amount of data, none of these claims can be verified.
Despite being around far longer, Cryptome is less well known that Wikileaks, but has had its own brushes with the powers-that-be. Last February the site got into a spat with Microsoft after publishing the company’s Global Criminal Compliance Handbook, a document which described personal data Microsoft collects from its customers.
Microsoft called in the lawyers in a rather heavyhanded fashion, citing confidentiality. The press attention simply convinced the world that the guide was more significant that it probably was.