
Je Suis Charlie
Holy Souls Soily Holes: cowardly zealots, inciting hatred, hiding, misrepresenting themselves, failing humanity.
If you are True, why do you not walk in the open?
Microsoft believes the gang who boasted it had stolen and leaked more than 200,000 Charlie Hebdo subscribers' personal information is none other than a Tehran-backed criminal group. On Friday, Redmond's Digital Threat Analysis Center (DTAC) attributed the cyber-heist to Iran's Neptunium, which the US Department of Justice …
Good question.
I couldn't find a news source answering that, so did a bit of digging:
$ whois charliehebdo.fr --> website: http://www.ovh.com (redirects to https://www.ovhcloud.com)
As they (OVH) support lots of web services (e.g. DBs), that would seem a fair place to start.
Checking their website (charliehebdo.fr) shows it to be a WordPress site. Oh dear! I think I've just hit on the attack vector. Assuming, of course, that the subscriptions DB is attached to the website, which is likely.
The online shop for CH's subscriptions was run by a third party. It was this third party that got hacked, not CH's servers or its social media or its modest website.
Still, it's quite exciting to know that I am now on Iranian nutters' hitlists. It certainly explains why I receive 10 unsolicited phone calls a day from people with Arabic accents trying to sell me shit.
Heya Alistair ~
I'm glad I was wrong about ingress being via the front end WP site. That would have meant some very bad data structuring was used.
I'm unable to find any details about the third party subscriptions/shop provider you mention. Can you give further details or point to any sources? I'm curious about the platform used, attack vector, etc. I don't want to dig around on their website(s), for obvious reasons.
TIA and good luck with those nutters.
o7