Iran crew stole Charlie Hebdo database, says Microsoft

Microsoft believes the gang who boasted it had stolen and leaked more than 200,000 Charlie Hebdo subscribers' personal information is none other than a Tehran-backed criminal group. On Friday, Redmond's Digital Threat Analysis Center (DTAC) attributed the cyber-heist to Iran's Neptunium, which the US Department of Justice …

  1. Lil Endian Silver badge
    Stop

    Je Suis Charlie

    Holy Souls Soily Holes: cowardly zealots, inciting hatred, hiding, misrepresenting themselves, failing humanity.

    If you are True, why do you not walk in the open?

  2. TheInstigator

    Surely it was the Chinese and Russians that helped as well?

  3. Anonymous Coward

    Where was the DB stolen from?

    Was the Charlie Hebdo database self-hosted and stolen from Charlie Hebdo's servers, or was it hosted by a third party? Just wondering where the security breach occurred.

    1. Lil Endian Silver badge
      Facepalm

      Re: Where was the DB stolen from?

      Good question.

      I couldn't find a news source answering that, so did a bit of digging:

      $ whois charliehebdo.fr --> website: http://www.ovh.com (redirects to https://www.ovhcloud.com)

      As they (OVH) support lots of web services (e.g. DBs), that would seem a fair place to start.

      Checking their website (charliehebdo.fr) shows it to be a WordPress site. Oh dear! I think I've just hit on the attack vector. Assuming, of course, that the subscriptions DB is attached to the website, which is likely.

      [Icon: WordPress]

    2. Alistair Dabbs

      Re: Where was the DB stolen from?

      The online shop for CH's subscriptions was run by a third party. It was this third party that got hacked, not CH's servers or its social media or its modest website.

      Still, it's quite exciting to know that I am now on Iranian nutters' hitlists. It certainly explains why I receive 10 unsolicited phone calls a day from people with Arabic accents trying to sell me shit.

      1. Lil Endian Silver badge

        Re: Where was the DB stolen from?

        Heya Alistair ~

        I'm glad I was wrong about ingress being via the front-end WP site. That would have meant some very bad data structuring was used.

        I'm unable to find any details about the third-party subscriptions/shop provider you mention. Can you give further details or point to any sources? I'm curious about the platform used and attack vector etc. I don't want to dig around on their website(s), for obvious reasons.

        TIA and good luck with those nutters.

        o7

  4. Potemkine! Silver badge

    One could think the mullahs had their hands full crushing children and women in their own country, but no, they still have time to try to harass the people criticizing their Supreme Leader.

  5. Anonymous Coward

    But god surely has a sense of humour

    He created scrotums after all.
