Hacker destroys email provider VFEmail's entire US infrastructure, service will 'likely...

Polycount

TS Evangelist
Staff member

If you use your email client of choice for particularly important correspondence -- perhaps for business or private conversations -- you'd probably be pretty shocked to wake up one day only to find that its servers have been completely wiped out.

Unfortunately for users of VFEmail, that's precisely what happened on Monday. As spotted by Ars Technica, VFEmail owner Rick Romero recently found evidence that a hacker was attempting to systematically destroy his service's hard drives - backups and redundancies included.

Though it sounds like Romero was able to put an end to the attack, it was too little, too late for VFEmail's users. According to an official notification posted on the email provider's website, "all data" in their US servers has been completely wiped out, and it's seemingly beyond recovery.

"Yes, @VFEmail is effectively gone. I never thought anyone would care about my labor of love so much that they'd want to completely and thoroughly destroy it."

"Yes, @VFEmail is effectively gone," Romero wrote in a tweet. "I never thought anyone would care about my labor of love so much that they'd want to completely and thoroughly destroy it."

Romero says the person, who used the IP of "aktv@94.155.49.9," was most likely using a virtual machine and multiple means of access to carry out the attack - no one method of protection, such as 2-factor authentication, would have protected VFEmail from the assault.

Unfortunately, the attacker's motivations are unknown. The individual did not ask for a ransom, nor do they seem to be taking any sort of moral stance against VFEmail.

Permalink to story.

 

brucek

TS Guru
This is why your backup strategy should always include one form of storage that is write-once-only or offline once written. I'm not familiar with this service but it's a real shame this happened and I hope the 'hacker' (too nice a name for that lowlife IMO) is caught, convicted, and sentenced to a lengthy jail term.
 

Danny101

TS Evangelist
Sad indeed. Unfortunately, they failed as a company for not instituting a better backup system. If it was because of lack of money, then they were already failing as a company. You can't operate without a hedge.
 
  • Like
Reactions: psycros

hahahanoobs

TS Evangelist
I can only think the hacker started small before hitting something larger, for money, to see if he/she could, or dare I say it - for the lawls.

I'll be watching to see if there are more attacks like these in the future.
 

psycros

TS Evangelist
I'm hate to sound like a jerk, but...I'm betting this was a relatively small host who served clients who couldn't afford a bigger, more robust service. As someone stated, the most likely scenario is that the servers were compromised and used for some criminal or intelligence operation and then wiped to cover it up. The second most likely scenario is that the hackers were contracted by a competitor who wants everyone using *their* service because they make money by selling out their customer's privacy to advertisers. Its very possible that we'd all know the name of that company if it ever were discovered. Incidents such as this hack need to be closely scrutinized right now. As nearly everyone knows, for about the past two years the major ISPs and various left-wing pressure groups have been colluding with the FCC to wage war on anyone who supports net neutrality. But recently this effort has been radically expanded to target anyone who supports free speech online. There's a ton of chatter about it on the dark web and its been slowly leaking into the mainstream. The consensus seems to be that its driven by billionaire "progressives" (aka neo-libs) who want to push their "non-neutrality" yet again. This means repression of any viewpoint the liberals disagree with but disguised as net neutrality. Sadly, it was language tacked on by Democrats that partially helped kill NN the first time lawmakers attempted to pass it. Now they seem to be going much further, with groups of telecom executives and lawmakers meeting quietly to discuss ways to ban any online content that tells a different story from the liberal-controlled US media. I suspect the leftist officials are telling the ISPs that they'll get what they want (pay-to-win Internet) *if* they help block content that doesn't serve the liberal agenda. We're already seeing astroturfing from various left-wing entities such as Mozilla as well as the usual front groups. Its all starting to look rather conspiratorial and I doubt most of us would even notice if not for how fast their trying to ram this Internet takeover through. My personal assumption is that its mainly about election cycles like everything else in Washington. Of course you also have Google, Microsoft and other big dogs wanting to freeze smaller competitors out of the market completely. Between the corporatists and the progressives the future of the web in America looks a lot more like what they have in China.
 

RedGuard

TS Enthusiast
As someone who develops software, I don't mind hacking attempts.

I usually come up with findings and solutions just to be ignored: "We don't need all that much", "We don't have that budget", "We don't feel attacks like that are going to happen".

And when they do happen, they all sweat like pigs before Christmas. Serves them right. Next time they'll pay the extra money and hire good software developers to help. Otherwise nobody will have any business whatsoever.
 

Kibaruk

TechSpot Paladin
Yeah I have to agree, it was a poorly planned backup policy, even loosing a single day of data is already something unacceptable by today's standards.

Wiping out an email service is the least of the worries for the people using it, imagine how much access the hacker must have gained, in terms of domain and records it's already a disaster.

Always use reliable and established sources for your services.
 

jobeard

TS Ambassador
This is why your backup strategy should always include one form of storage that is write-once-only or offline once written. I'm not familiar with this service but it's a real shame this happened and I hope the 'hacker' (too nice a name for that lowlife IMO) is caught, convicted, and sentenced to a lengthy jail term.
[SIZE=6]VFEmail[/SIZE].com is registered by GoDaddy and the server is now down. It can not be determined if this was a shared host(really bad idea for email server) or a private host(not likely due to the cost).

Yes, a proper set of backups is a key part of any service sold to customers.
 

lazer

TS Addict
This is why your backup strategy should always include one form of storage that is write-once-only or offline once written. I'm not familiar with this service but it's a real shame this happened and I hope the 'hacker' (too nice a name for that lowlife IMO) is caught, convicted, and sentenced to a lengthy jail term.
sounds more like a teenager or kid who did it since he did not ask for money to return anything.....