My I (possibly) be the first just to say...
BWAHAHAHAHAHAHAHAHAHAHA
Hackers have uploaded a leaked database of emails from anti-piracy law firm ACS:Law onto P2P networks and websites. ACS:Law was among a handful of entertainment industry-affiliated organisations to endure denial of service attacks by the denizens of 4Chan last week. A loose-knit collective of members of the notorious message …
I wouldn't bother with the Information Commissioner's Office if I was them.
By their own admission the Information Commissioner's Office doesn't do anything other than help the offender not make the same mistake in the future.
They do not prosecute. Even if the law has been broken.
They are toothless and should be on the list of useless Government organisations to be scrapped.
Privacy law won't say anything as they don't exist in the UK, either on statutes or in common law. There's the Data Protection Act, which is fairly toothless, Article 8 of the ECHR (covering "protection of private life... and communication") but that would involve an action being taken against the State, so not really helpful, and then there is "breach of confidence" which might work against whoever had set up the website.
As for people not wanting their details to be there... it doesn't really matter what the people want - the details were there because ACS Law asked a Court to hand over the details and the ISPs didn't bother to fight.
The hacking part was in trashing their server in the first place, requiring the subsequent restore from backups. Someone predicted that those doing the restore would be a bit panicked and might forget some precautions during their rush to restore service - and that prediction proved to be accurate.
Not good for those they poor 80 year-olds, who don't even know how to turn a computer on, who are "suspected" of downloading hardcore gay porn is it!
So I will mark them down for that, but they get top marks for getting hold of the idiot who runs the firms emails and for attracting the attention of privacy groups and hopefully the Information Commissioner!
Paris, 'cus even she aint this loose lipped!
"Big whoop. It was only down for a few hours. I have far more concern over the fact of my train turning up 10 minutes late or having to queue for a coffee than them wasting my time with this sort of rubbish." - Andrew Crossley, ACS: Law
http://www.theregister.co.uk/2010/09/22/acs_4chan/
I wonder how concerned he is over his coffee queue now.
it's just complete user error. the information commissioner should bust their balls. this is not a hack they just posted all this info to their website.
I'm actually hosted with the same company, also on a shared server, though i guess it's the same for all cpanel.... the only reason for the full backup to be in public_html is if you're too lazy or stupid to move the backup folder from the home directory by FTP and just stick it in there to download via http.
i have done this myself in the past.
Previously on El Reg re the recent DDoS attack on ACS:Law:
'Andrew Crossley, the head of ACS:Law, told The Register the attack was "typical rubbish from pirates". "Big whoop," he added.' '"...I have far more concern over the fact of my train turning up 10 minutes late or having to queue for a coffee than them wasting my time with this sort of rubbish."'
To quote Nelson Muntz: "HA HA!"
Yes, it really has to be stated very loudly that the leak of these emails was nothing to do with any kind of hack in any instance, ACS:Law published a copy of their unencrypted backup file in a public area of a public server.
This is not a hack and has nothing to do with hacking or cracking in any way
ACS:Law published their archive
Many places this story is being told are having trouble keeping the dDOS (which is not a hack in any case) seperate from the leak of the emails
C'mon get it right, in any event, if these emails had been stolen from a 'secure' are of the site it still wouldn't be a hack, it would be a crack.
One day, someone somewhere in the media will understand these differences, though I'll not hold my breath
"C'mon get it right, in any event, if these emails had been stolen from a 'secure' are of the site it still wouldn't be a hack, it would be a crack."
Meh, you coulda been a contender, up until that bit
Hack, crack, schmack. Get over it already. "DarkNerd" ? Snark. What is this 1982 ?
For the pedantic record though, the DDoS attack appears to have mostly been carried out by volunteers using a point and shoot DDoS toy with the rather racy and exciting monika "Low Orbit Ion Cannon" (LOIC), which amongst it's many features offers the user the ability to slave their running instance to a controlling IRC chan in order to become part of a voluntary botnet.
Amusingly, this is apparently known as "Hive mind mode", or some such. Gotta love those skiddies.