Cyber Incident Victim: Cryptome
Date: Jun 2014
Location: United States of America
Summary
A whistleblower-focused website was suspended by its domain registrar due to a malware infection, with the registrar citing security concerns and customer protection as justification. The site's founder condemned the abrupt suspension as an overreaction and censorship, asserting that the malicious file had been promptly removed upon notification but service restoration faced delays. This incident followed previous disruptions including prior malware infections handled without service interruption, a past takedown attempt via copyright complaint, and a prior hack erasing its archive. In response to the suspension, the site announced plans to distribute its content through alternative channels to circumvent the outage.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 25, 2014, Cryptome.org was suspended by its domain registrar Network Solutions (NetSol), a subsidiary of Web.com, following the detection of a malware-infected PHP file on the site. NetSol executed the suspension without prior notification to Cryptome’s founder, John Young, who discovered the action only after receiving an email coinciding with the site’s takedown. Young immediately removed the malicious file via FTP and notified NetSol of the remediation, but the registrar delayed reactivation for up to 48 hours. Young condemned the suspension as an unjustified overreaction, equating it to censorship by private entities and criticizing the lack of advance warning or opportunity to address the issue preemptively. He highlighted that Cryptome had previously resolved similar malware incidents without service disruption, suggesting NetSol’s response was disproportionate. This incident echoed past operational challenges for Cryptome, including a 2010 temporary shutdown triggered by a Microsoft DMCA complaint—later withdrawn after public pressure—and a separate 2014 breach by hackers who erased the site’s archive, necessitating restoration from backups.

The suspension left Cryptome.org inaccessible for an extended period, prompting the organization to announce via Twitter its intent to distribute content through decentralized online and offline channels to circumvent the disruption. Web.com, in a public statement, defended NetSol’s actions as necessary to mitigate security risks, emphasizing customer protection as its priority while committing to restore service after investigation. Cryptome’s operational history, dating to 1996, involved frequent publication of sensitive documents on topics like surveillance and intelligence, attracting both legal pressure and cyberattacks. The incident underscored tensions between service providers’ security protocols and independent publishers’ autonomy, with Cryptome framing the suspension as an infringement on its operations comparable to adversarial actions by state or corporate actors. No technical details regarding the malware’s origin, propagation method, or specific impact on visitors were disclosed by either party.
