by xyunknown 3453 days ago
My thoughts, too. But before claiming this I at least wanted to encourage a second look. I also ensured this was the only time he connected, so there is no plausible way he is backing up the data.
2 comments

There is now more evidence supporting that there are no backups, e.g. he doesn't even store information about which servers he already looted (he is erasing the same servers twice or more). Until someone has logs that prove otherwise on bigger datasets, nobody should pay this guy. Also it seems implausible seeing the vast amount of data which he would need to have backed up, closing in on several hundred terabytes, based on an estimation of last year.

The attacker could have used a script like this:

  use foobar
  db.collection.find()
  db.dropDatabase()

and then:

  cat script.js | mongo | tee backup

so there is indeed a plausible way to back up the database before dropping it. The timestamps seem plausible as well for a small database.
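
As an added example (not part of either comment above): one way to look for the log evidence the thread asks for is to total what each connection read from a database before it issued `dropDatabase`, and compare that with the document count you know the database held. The log lines are constructed and modeled on MongoDB 3.x text logs, the function names are hypothetical, and it assumes logging was verbose enough to record reads.

```python
import re
from collections import defaultdict

# Constructed sample lines modeled on MongoDB 3.x text logs (layout is an assumption).
SAMPLE_LOG = """\
2017-01-05T10:12:01.100+0000 I NETWORK  [conn7] received client metadata from 203.0.113.5:40112 conn7
2017-01-05T10:12:01.450+0000 I COMMAND  [conn7] command foobar.collection command: find { find: "collection", filter: {} } planSummary: COLLSCAN docsExamined:101 nreturned:101 reslen:16500 protocol:op_command 3ms
2017-01-05T10:12:01.900+0000 I COMMAND  [conn7] dropDatabase foobar starting
2017-01-05T10:12:03.000+0000 I COMMAND  [conn9] command shop.orders command: find { find: "orders", filter: {} } planSummary: COLLSCAN docsExamined:101 nreturned:101 reslen:16400 protocol:op_command 2ms
2017-01-05T10:12:03.200+0000 I COMMAND  [conn9] command shop.orders command: getMore { getMore: 42, collection: "orders" } planSummary: COLLSCAN docsExamined:899 nreturned:899 reslen:150000 protocol:op_command 9ms
2017-01-05T10:12:04.000+0000 I COMMAND  [conn9] dropDatabase shop starting
"""

# A read (find or getMore) with the document count and response size it returned.
READ = re.compile(r"\[(conn\d+)\] command (\w+)\.\S+ command: (?:find|getMore) "
                  r".*?nreturned:(\d+) reslen:(\d+)")
DROP = re.compile(r"\[(conn\d+)\] dropDatabase (\w+) starting")


def reads_before_drop(log_text):
    """Return {(conn, db): (docs, bytes)} read by a connection before it dropped db."""
    seen = defaultdict(lambda: [0, 0])
    result = {}
    for line in log_text.splitlines():
        m = READ.search(line)
        if m:
            conn, db, docs, size = m.groups()
            seen[(conn, db)][0] += int(docs)
            seen[(conn, db)][1] += int(size)
            continue
        m = DROP.search(line)
        if m:
            key = (m.group(1), m.group(2))
            # Reads logged after the drop are irrelevant, so reset the counter.
            result[key] = tuple(seen.pop(key, [0, 0]))
    return result


def full_copy_possible(log_text, expected_docs):
    """expected_docs maps db name to the document count known from your own records."""
    return {key: docs >= expected_docs[key[1]]
            for key, (docs, _) in reads_before_drop(log_text).items()}


if __name__ == "__main__":
    print(full_copy_possible(SAMPLE_LOG, {"foobar": 5000, "shop": 1000}))
```

A `False` verdict means the dropping connection was logged reading fewer documents than the database held; it says nothing about reads made on other connections or reads that were never logged.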