Hackers Falsely Claim Responsibility for Dropbox Outage to Honour Aaron Swartz
Dropbox experienced an outage on Friday as part of a "routine server upgrade", however hackers initially claimed responsibility for the attack on Twitter as part of a hoax to honour Aaron Swartz and gain media coverage.
Hacker group 'The 1775 Sec' initially claimed it was behind the outage on Friday, after which a Twitter account associated with hacktivist collective Anonymous claimed that 'The 1775 Sec' had leaked data belonging to Dropbox users onto Pastebin.
The 1775 Sec, which is associated with Anonymous, denied leaking data from Dropbox, claiming that it had launched a distributed denial-of-service (DDoS) attack on the website and so had no access to the database:
We are literally choking on laughter! We DDoS attacked #DropBox. Claiming its a data breach! This is so ducking funny?
— The 1775 Sec (@1775Sec) January 11, 2014
The data on pastebin was later found by security researchers to be fake, and The 1775 Sec admitted that the initial claim was a hoax to "troll the media":
Did anyone bother to do some research. lol. We made the Internet Reporters look like fools! That is what we did in your honor Aaron Swartz
— The 1775 Sec (@1775Sec) January 11, 2014
Files all safe
Dropbox has denied that its service was hacked, blaming its update and MySQL database infrastructure, which reinstalled active machines and brought the website down.
"Unfortunately, a bug installed this upgrade on several active servers, which brought down the entire service. Your files were always safe, and despite some reports, no hacking or DDOS attack was involved," said Dropbox's VP of Engineering Aditya Agarwal a blog on Sunday.
While most functionality on the cloud storage website was restored on Friday, Dropbox users continued to experience problems using dropbox.com, the desktop client and the mobile apps.
Dropbox had to restore from backups, which took until Sunday afternoon. In order to avoid the problem happening again, the cloud storage site has created a new tool to prevent updating scripts from reinstalling servers.
"Over the past few years, our infrastructure has grown rapidly to support hundreds of millions of users. We routinely upgrade and repurpose our machines. When doing so, we run scripts that remotely verify the production state of each machine," commented Akhil Gupta, Dropbox's head of infrastructure in a "post-mortem" report on the Tech Blog yesterday.
"We've since added an additional layer of checks that require machines to locally verify their state before executing incoming commands. This enables machines that self-identify as running critical processes to refuse potentially destructive operations."
Dropbox says that it is currently working through the "last few issues" affecting the Dropbox photos tab.
Honouring Aaron Swartz
Both The 1775 Sec and Anonymous claimed that the Dropbox outage "hoax" was to honour internet activist Aaron Swartz, who died on 11 January 2013.
Anonymous hacked an MIT sub-domain on Friday, the SSL-enabled Cogeneration Project page, changing the page to display the Anonymous logo.
MIT took the webpage down over the weekend and at the time of publishing, the Cogeneration Project webpage is still offline.
Swartz, who helped to develop the RSS web feed format, the Creative Commons organisation and social news site Reddit, was charged with wire fraud for downloading a large number of academic journal articles from MIT.
It is thought that he intended the share the journal articles online for free.
He committed suicide in his apartment in New York after federal prosecutors refused to accept his lawyer's second plea bargain, which would have prevented him from having to pay up to $1 million (£606,134) in fines and spend up to 35 years in prison if found guilty.
© Copyright IBTimes 2024. All rights reserved.