Apparently the flight sim site Avsim has had both its servers destroyed simultaneously by hackers:

http://news.bbc.co.uk/2/hi/technology/8049780.stm

One acted as the backup for the other, so apparently there's nothing left of the site at all (except whatever they can scrape from online caches).

I realise people are going to say "why didn't they have better backups", but it still shocks me that hackers would do a thing like this. What on earth did the hackers have to gain from this? How did they think this would make the world a better place for anyone?

I realise people are going to say "why didn't they have better backups", but it still shocks me that hackers would do a thing like this. What on earth did the hackers have to gain from this? How did they think this would make the world a better place for anyone?

Having two public facing servers as the only method of backup isn't a good idea. It is sad but there are many more crimes in this world that are a lot more sever and happen all the time.

No the hackers shouldn't of done it, yes, the site should of had better backup facilities, no, I don't have much sympathy.

Even for reasons other then hackers they should have offsite backup that to several locations. The company i work for backs out server up daily, and uploads the backup to 2 other computers also our tech guy uploads a third backup to a External drive that is only hooked up to a computer long enough to pull the back up then removed. I know this might be a little much for a simple website but atleast monthly I would back my sites up to another location.

Seriously, to not have an offsite data center for something like that...? Wow.

Tim

Even for reasons other then hackers they should have offsite backup that to several locations. The company i work for backs out server up daily, and uploads the backup to 2 other computers also our tech guy uploads a third backup to a External drive that is only hooked up to a computer long enough to pull the back up then removed. I know this might be a little much for a simple website but atleast monthly I would back my sites up to another location.

Two backups are arguably fine as long as one of them is off-line. With both backups being public facing and online it means that your skating on thin ice which is bound to break at some point.

I have a backup server (very low powered) that pulls data off of my other (low powered) server. The backup server is internal only, responds to no-one and has no internet connection. Works well for me.

but there are many more crimes in this world that are a lot more sever and happen all the time.

Would you say that if someone complains about a delayed Maemo hardware launch or an unresolved bug in Bugzilla?


No the hackers shouldn't of done it, yes, the site should of had better backup facilities, no, I don't have much sympathy.


You realise this isn't just the site maintainers that have lost stuff but all the people that contributed to the site for 13 years. Don't you have much sympathy for them?

Geez, that sucks. Even *I* have offsite backup. In fact, I'm so bloody paranoid about loosing data that I kinda go to the extreme with my backups. If someone wanted to take me offline, it'd only be down long enough to figure out how the heck they got in. After that it'd just be business as usual again.

As for why they did it, the reasons are numerous. But most likely someone was on an ego trip and just had something to prove. People enjoy being malicious, and this is just further proof of that. Then again, it's also excellent proof that some admins are idiots. ;)

The time I worked as sys admin for a small company we kept backup tapes/drives stored in a separate location than company.

Since it was a bare tape/drive there was 0% chance any hacker can gain access to it through internet... Only if they actually broke in to the location where the tape was stored.... To make the task more difficult the information where the tapes were kept was not documented anywhere (due to security reasons), so there was no way a hacker could have found that information from the data stored on the servers.

So I think that they did not follow a good security measures and therefore they got burned because of it... :(

As for why they did it, the reasons are numerous. But most likely someone was on an ego trip and just had something to prove. People enjoy being malicious, and this is just further proof of that. Then again, it's also excellent proof that some admins are idiots. ;)

There is a massive MASSIVE difference between an incompetent admin and a hacker deliberately destroying 13 years of community work.

It frightens me that someone would do something like this deliberately. They must have serious social problems.

Would you say that if someone complains about a delayed Maemo hardware launch or an unresolved bug in Bugzilla?


Of course I would say the same thing. I was just trying to put it into context. Something pretty bad happened to someone who was a little lax with their security. Would you have a lot of sympathy for someone who left their car unlocked with the keys still in it and subsequently had it stolen?

You realise this isn't just the site maintainers that have lost stuff but all the people that contributed to the site for 13 years. Don't you have much sympathy for them?

Yes, I realize. As I said before, yes its a bad thing that happened but some silly and lax security and backup policies led to it being possible.

...Would you have a lot of sympathy for someone who left their car unlocked with the keys still in it and subsequently had it stolen?...

Absolutely yes! I have sympathy for ANY mishap, be it negligent, intentional, or unintentional. When there is spilled milk, there is spilled milk, who put it there, who knock it off is inconsequential.

bun

It frightens me that someone would do something like this deliberately. They must have serious social problems.

This frightens you? Really? What's so horrible or unusual about the nature of their destructive activity? They broke into the machines, vandalized/erased/scrambled them, the end. This is what malicious hackers do. This is why you need backups.

I would be happier with digital defacement like this rather than it being injected with a worm or virus that is difficult/impossible to find. That way at least you know you have problem you can fix.

This frightens you? Really? What's so horrible or unusual about the nature of their destructive activity? They broke into the machines, vandalized/erased/scrambled them, the end. This is what malicious hackers do. This is why you need backups.

I would be happier with digital defacement like this rather than it being injected with a worm or virus that is difficult/impossible to find. That way at least you know you have problem you can fix.

My other point was that this behavior is not confined to the digital domain, things like this and a lot worse happen every day outside, just take a look at a news paper to see it (or read one online ;)). Not really surprising.

It frightens me that someone would do something like this deliberately. They must have serious social problems.

They may, or they may have assumed that any site so huge with so many years of work in it MUST have an offline backup, so the hackers were just messing around and seeing how much damage they could do, thinking they were playing in some kind of a sandbox environment, if you know what i mean. no social pathology necessary.

This frightens you? Really? What's so horrible or unusual about the nature of their destructive activity? They broke into the machines, vandalized/erased/scrambled them, the end. This is what malicious hackers do. This is why you need backups.

hey, hey, now. "this is what [they] do"? and you make backups, and that's that? here's evidence of a social pathology. Are the criminals not human? they're some kind of animals or aliens that cannot be comprehended by we, the intelligent, morally pure tablet owners, except as evil-doers? come on. this isn't some comic book or disney movie. ditch the dichotomy.

a crime was committed here, and that's always at least a little bit disturbing. it's not a complete waste of time to ponder the criminal mind, because it can result in solutions closer to the root of the problem--like redistributing wealth and improving education systems--rather than work-arounds like creating multiple off-site backups, installing bars on your windows, carrying a taser, and saying "this is what [criminals] do."

The title is highly erroneous:
hackers -> they create
crackers -> they destroy

The title is highly erroneous:
hackers -> they create
crackers -> they destroy

So, the criminals live in Georgia (USA)? :D

Seriously, the 'media' has never understood the difference between 'hacker' and 'cracker'...

Man I had it all backed up on a usb thumb drive, now where is that?

Sympathy? If someone plays in the road and gets run down, should I have sympathy for them, or vote them onto the Darwin Awards?

Two servers is no substitute for an offsite backup.

Maybe there should be a technology Darwin award?

@jmjanzen

Thanks!

Sympathy? If someone plays in the road and gets run down, should I have sympathy for them, or vote them onto the Darwin Awards? Two servers is no substitute for an offsite backup.

Indeed. I have little sympathy for myself when I do an rm -rf * .gz, and have lots of sympathy for hundreds of people suffering real harm all over the world on a daily basis.

When people fly planefuls of people into skyscrapers, I can't believe anyone is surprised by people being malicious on the Internet.

Maybe there should be a technology Darwin award?

I'm sure we can get some finalists in from Nokia too ;-)

The level of dickness in this thread is disappointing.

They lost thirteen years of community built work. No matter the "they should ofs", this is a great loss and sympathy is appropriate. Ie, you understand and respect the pain they are feeling right about now.

Those without sympathy are exhibiting the same lack of emotional understanding that the perpetrators must have had to do this thing. This is sociopathy.

The level of dickness in this thread is disappointing.

They lost thirteen years of community built work. No matter the "they should ofs", this is a great loss and sympathy is appropriate. Ie, you understand and respect the pain they are feeling right about now.

Those without sympathy are exhibiting the same lack of emotional understanding that the perpetrators must have had to do this thing. This is sociopathy.

I guess its just the sysadmin in me. If the 13 years worth of data was important it should have been backed up. Its all about RPO and RTO, their were both apparently 13 years?

Failing to plan, is planning to fail...

Do I feel bad some people lost some data? If ITT/Maemo lost all tomorrow would I be mad maemo or feel bad for users.

I would be freaking pissed, of course nobody would know because the forums would be down :(

Anyway, I am sure its not the first time I was called a dick, not even the first time this week.

Concerning the crackers: the crackers didn't know they were destroying 13 years worth of work; it's very reasonable to expect that this data was backed up somewhere. Frankly, it's the only responsible way to admin a project of that magnitude, so I'd expect that they expected it was backed up. That you are able destroy something doesn't lead to "you should destroy it," so yes, it was a reprehensible act.

Concerning the admins: the fact that it wasn't backed up doesn't mean that it was "deserved." It was certainly irresponsible to a blaming fault.

"Horrible things happen all the time all over the world and this is just another thing" is a crappy way to look at things, I know because I used to do it. It does allow you to not-engage or to step back from a situation, so if that's how some manage, I won't criticize, (oops), and of course the internet tubes aren't the best mode of communication so people may just be acting a bit more glib than they truly are.

Joe.

Well, if some subgenius penetrated Reggie's servers and wiped four years of collective wisdom, witty flame wars and community work about the NITs and maemo, I'd certainly pray that he could summon them back from a secret cache that was not part of the break-in...

There is a massive MASSIVE difference between an incompetent admin and a hacker deliberately destroying 13 years of community work.Certainly, there's a difference; one is causing harm, and the other is merely negligent in protecting his (and others') data from an entire class of trivially foreseeable harm. The one who causes harm is evil, the one who fails to take reasonable measures to stop it is "merely" lazy, but this scarcely excuses the negligence.

Rest assured, I (and, I suppose, most folks) do blame the crackers for this; but (I thought) that goes without saying. There's nothing astonishing about the trashing; while certainly despicable, it's not news, and it's hardly controversial. Happens all the time, the attacked site restores their backups, fixes some vulnerabilities, and moves on.

The admin's negligence, OTOH, is quite astonishing, and while obviously less bad, deserves comment for its exceptionality.

It frightens me that someone would do something like this deliberately. They must have serious social problems.
I guess I'm not sure why it would be a social problem. But honestly, while the fact that many people do things like this does show a frightening side of human and/or social nature, it's hardly a revelation; c.f. serial killers (http://en.wikipedia.org/wiki/List_of_serial_killers_by_number_of_victims). Should we be surprised that giving an evil person a computer and network connection doesn't magically turn them into a good person, that they show no more respect for others' data than for their lives?

Well, if some subgenius penetrated Reggie's servers and wiped four years of collective wisdom, witty flame wars and community work about the NITs and maemo, I'd certainly pray that he could summon them back from a secret cache that was not part of the break-in...
Huh? Is there some reason to suppose a SubGenius (http://en.wikipedia.org/wiki/Church_of_the_SubGenius) would be a likely perp? (To be clear: I am not a member, just curious why the slam...)

they may even show less care as its "just data"...

bored punk kids with computers i say, maybe running the modern version of awardialer and happened to find the server as a valid target...

First - yes, a crime was committed, malicious vandals defaced a site and destroyed property.
This is not news... this happens all the time both in meatspace and on the internet.
Anyone who thinks the internet is safe is naive as a newborn at best, if not a complete buffoon.
Comparing the internet to downtown Detroit (or Memphis, or Miami) at midnight is taming things down far too much.

The loss is profound, and (even considering it was for a Microsoft product) this kind of loss of publicly valuable work saddens me. It's history lost. I feel bad for all of the people who contributed over all of these years, expecting their data to be safe. I also feel bad for those who will never get the chance to use what has been lost.

With that said...

What these admins did is (to expand on a previous analogy) much worse than leaving the keys in the car... they left the keys in the car with the car running at a busy intersection in the middle of the worst part of town during a blackout... oh - and they left the signed title right there on the seat along with their credit cards, debit cards, and a note with the PIN number on it.

Before you call me names for being so harsh, keep this in mind:
I've worked in the relevant fields (working with/creating valuable/sensitive data critical to the company's survival, data storage management (backups), and IT security) for 17 years (only counting Unix jobs).
This configuration violates more basic principles and basic "common sense" concepts than I care to consider.

I've had many arguments with many people who insisted a single online or offline copy of data was a "backup".
It's not a backup if you destroy all of it when you create the next copy.
It's not a backup if undetected file corruption destroys all copies of your data during the first copy.
A single, unchecked typo could have destroyed everything they had with that configuration.
Please do not refer to what they had as "two backups"... it wasn't. It was an online redundant pair... nothing more.

The fact that they had the entire system accessible from the internet is stunning.


I probably wouldn't have had such a strong reaction to this had it not been for the fact that I've spent the better part of two decades fighting against configurations like these.


Oh, and to expand on another comment previously made, the vandals likely couldn't imagine that the company could ever be in the position of not having any backups... that would be patently absurd! :eek:

The title is highly erroneous:
hackers -> they create
crackers -> they destroy

that sounds like a knock on whitey... I'm highly offended.

(although we sure showed those Cherokee, didn't we ?)

Well, if some subgenius penetrated Reggie's servers and wiped four years of collective wisdom

Huh? Is there some reason to suppose a SubGenius (http://en.wikipedia.org/wiki/Church_of_the_SubGenius) would be a likely perp? (To be clear: I am not a member, just curious why the slam...)

No slam whatsoever (I actually find those "Church" concepts quite funny and healthy). I wrote "subgenius" uncapitalized, as a common noun. If I had written "a bad apple", would you be inquiring why the slam on Steve Job's operation ? :-)

So, what is maemo.org's backup policy? In a similar event (or hardware failure, fire, whatever) would it be possible to have the various bits (official repos, extras, bugzilla, garage, mailman, wiki, talk etc) up and running in a reasonable time frame (ie measured in days at most)?

So, what is maemo.org's backup policy? In a similar event (or hardware failure, fire, whatever) would it be possible to have the various bits (official repos, extras, bugzilla, garage, mailman, wiki, talk etc) up and running in a reasonable time frame (ie measured in days at most)?

Short answer, yes.
Longer answer, the site servers are backed up at at regular intervals to storage. In case of a catastrophe backups are available on short notice. Naturally the latest data would be lost, but not much.

Cool, thanks :-)

No slam whatsoever (I actually find those "Church" concepts quite funny and healthy). I wrote "subgenius" uncapitalized, as a common noun.Null sweat then, it's just not a word I think I'd ever previously heard/seen used in its literal meaning...
If I had written "a bad apple", would you be inquiring why the slam on Steve Job's operation ? :-)
Absolutely. ;)