by lawnchair_larry 5225 days ago
Sorry, there is just no way that this is the case. Please don't throw such a serious allegation out there without any evidence. To even suggest that this is technically possible for an employee to do is a serious allegation, let alone suggesting that someone did it maliciously. This spreads all kinds of FUD.

I'll happily eat my words if that turns out to be what happened, but it is definitely not the simplest answer.

4 comments

Inside job is usually the answer for targeted attacks against inside systems. Inside collusion at a minimum.

I wonder how anyone can trust their Linode systems after an admin account being compromised.

It would likely ruin their business to re-install everything, but that is the only way to know rootkits have not been installed.

Or just check if your instance was restarted and your root password was changed. If it wasn't, you were not exploited this way.

Up-vote to the original comment because it's not stupid or impossible, just unlikely.

We can only speculate at this point.

The simplest answer is probably that one of the staff was subject to a targeted hack and a 3rd party gained external access to the CSR tools.

Possibly for an extended period of time. <-- This is the concerning part.

It's relatively unlikely an internal staff member would do something this dumb (but not impossible. We've had this happen _here_ where I work, with credit card numbers, but obviously the person responsible was caught almost immediately).

> To even suggest that this is technically possible for an employee to do is a serious allegation

It is technically possible for an employee to do it because it seems (from the linked pastebin above) that is how it was compromised: an elevated account for Linode manage was compromised.

As for an employee being the one that did it, that is probably the least likely cause.

I believe he's referring to the part about employees (at least the ones that have access to the customer dashboards) being able to run a script to scan for bitcoins.

You can't secure against God. Of course it's technically possible for a Linode employee to do.