"Ladies and gentlemen: the story you are about to hear is true. Only the names have been changed to protect the innocent." -Dragnet
Irresponsible Messaging Company1 had a clever site that was useful for a particular niche involving sending messages containing important information.
Initially when I was handed maintenance of the site there were only some very minor changes to be made, and I didn't look very far into it beyond what was required to do that work. There were some concerns I had about the quality of the source code but that by itself was not at all unusual.
This situation shifted one day when a request was passed on to me that had come from a federal agency. They wanted a copy of all of the data from the site for a particular account holder - a prominent whistle-blower who had recently been in the news.
A quick investigation showed that although this person had created an account, they hadn't posted any messages under that account. The owner of the site had been prepared to inquire with the Electronic Frontier Foundation about the ethics and legal options of the situation, but given that there appeared to be nothing of interest, he decided to simply comply with the request.
Around this time I made the case that even without high profile accounts to consider, regular users of the site might be posting sensitive information which deserved to be handled properly. Although I had not specifically spotted any vulnerability yet, the code simply did not look like it was professionally written.
There was insufficient funding available to conduct a full security audit of the software but with some help I was able to convince the owner to shut the site down. It took some time to do this in a way that gave users sufficient notice and opportunity to copy off any important information.
The final step was to try to ensure that the data was securely deleted from the server. Unfortunately the site was on shared web hosting, which was itself perhaps just as much an issue as the code quality. I wanted to make sure that the deletion of the data was final without drawing attention to the fact that there might be sensitive data. I didn't think the staff at the hosting company would have been vetted for the proper level of trust, and they should see everything as routine.
The solution was clear: after deleting the files I filled the hosting account's hard drive and crashed the server. Further, I did this in a way such that a simple investigation would make it obvious that this was done intentionally. This produced the exact result I expected - the other customers on the server experienced a service interruption and the hosting account was summarily terminated. Recovery of the deleted files from the web server's disk would no longer be possible and no backups would be retained. The technicians would pass on to the next issue without ceremony and forget about it.