And, we’re ba-ack!
The Aging Rebel was hacked seven times on Friday March 27 and has been down for 19 days. The hacks appear to have occurred at 1:43 p.m. Pacific Time, 2:07 p.m., 2:28 p.m., 7:41 p.m., 8:30 p.m., 9 p.m. and 9:30 p.m. The hacks followed about a month of what either were or approached distributed denial of service attacks combined with a brute force attack.
Brute force attacks are analogous to an infinite number of monkeys with an infinite number of keyboards trying to discover a password. There were a very large number of automated attempts to log into the administrative portion of the site until, by luck as much as by skill, the right combination of letters was discovered. The volume of the attacks caused the site to crash multiple times during February and March. This site is about six and a half years old and the attacks exploited a weakness in a portion of the site that hackers have known about for a long time. It was stupid of me not to fix it. The vulnerability has been corrected. The site has been hardened.
In response to these malicious attacks, I attempted to double The Aging Rebel’s server capacity on March 27. The process of doing that lasted about four hours and it was during that time that the site was successfully hacked the first time.
I believe the hack was accomplished by two parties. The first party was probably a hacker employed to act on behalf of the second party. The hacker carried out the brute force attack, gained access to the site shortly before 1:42 p.m. and overwrote certain configuration files that allowed them to take control of The Aging Rebel. At 2:07 p.m. the first hacker made changes to the site that prevented access by another, random hacker, and that prevented me from re-setting the administrative password. At the same time the first hacker replaced the site’s WordPress theme and uploaded an obscene image. Anyone who surfed into the site at that point saw a photograph of a fat white woman staring with delight at a very large black dildo. Superimposed on the photograph were the captions, “Rebel sucks big fat cocks” and “I take it in the rear end by faggot pedophiles.” The header of the site was changed to “Fuck Aging Rebel” and the description of the site was changed to “just another sheep!” The file was uploaded as “douchebag3.jpg.”
I believe the first hacker was employed to crack the site. The obscene photograph replaced the site as proof that the site had been hacked. And, one likely scenario is that the first hacker was then paid.
I believe the second hacker then entered the site at 2:28. I was alerted that the site had been hacked by someone who has my cell phone number at about 4:20. I checked the site. It appeared normal. The second hacker had probably switched back the theme and restored my administrative access while he decided what to do next. I discovered the site had been hacked again at about 6:45, sent my server host, which is a company named DreamHost, an email to shut down the site and they finally got around to doing that sometime after 9:30. That stopped the attack.
In all, about 41 FTP files were hacked. Several obscene images were uploaded. The uploaded images appear to have been created on different computers. Consequently, I believe this racketeering act was carried out by multiple co-conspirators.
A significant number of the brute force attacks came from a dedicated server with internet protocol address 184.108.40.206 rented from Hetzner Online AG in Frankfurt, Germany. It is not a proxy server. I have previously associated servers that have similar IP addresses with federal police forces. For example, after Patrick Eberhardt was murdered in Phoenix two months ago, a Frankfurt server was used to comment about his murder, “Payback is a bitch.” I believe the comment was intended to inflame the passions of Eberhardt’s club brothers and, at the request of a friend of his family, the comment was removed. I believe the server at IP 220.127.116.11 is probably a federal asset.
Denial of service and other attacks on a niche journalistic site like The Aging Rebel are very rare. Most attacks are aimed at large institutions like banks and credit card gateways. Many hackers view these attacks as a kind of social protest against large institutions and powerful corporations. The attacks on The Aging Rebel were clearly intended to censor my reporting and to dictate what free people can and cannot read.
Who Done It
I don’t believe the attacks were carried out by any well-established motorcycle club.
Multiple plausible rumors circulated after the site was shut down. One was that some federal police force had shut down The Aging Rebel in retaliation for “outing Gus Christie.” I don’t believe that is the case.
Another was that Mike “Sawdust” Cunningham, prime minister of the Rebels USA Motorcycle Club, “was bragging that he has hacked the site.” I asked him.
Cunningham replied, “I told you before that you have a right as an American to free speech and all I ask is you be fair and balanced but that seems to be impossible for some. I can assure you that not only did we not hack your site. We could care less about it.” I am inclined to believe him.
A moron named Tres Lawer, who lives in Indiana, Pennsylvania, sent me what I interpreted to be a veiled threat. He wrote, “Did some asshole pull a denial service on your site yet again? Give a douchebag a computer and who knows what havoc they can cause. Hope all is well.” I called him. His mother answered. We had words. I hung up on her. She called me back. She hung up on me. I don’t think Tres Lawer did it.
Another rumor is that “The Iron Order hired a hacker to take down the site.” I believe that is exactly what happened. I believe that either military officers or police officers affiliated with the Iron Order Motorcycle Club hired a hacker and used official access to the server in Frankfurt to accomplish the hack.
There is some irony in that. About four years ago then Iron Order president Ray “Izod” Lubesky wrote, “Aging Rebel got it right…accurately stated in the Aging Rebel’s article. All of the nonsense spewed by outsiders can almost all be dispelled in this one article as it portrays the IOMC for what it really is. We didn’t ask for this publicity or this article. It was written by a one percenter for one percenters and yet it disputes all the lies they perpetrate every day. It’s just another example of the irony in the MC life….. This article is more than just a bunch of reporting on an incident using court records as a source of facts. It is a balanced commentary on the event, trial and outcome.”
I think these are the guys who think you shouldn’t have the right to read what I write because when I stick a mirror in their faces they feel embarrassed.
I think the entire episode screams Iron Order. They should be embarrassed.
I always know more than I say. Maybe they should lawyer up.
I want to thank three gentlemen in particular for their assistance. Chase told me how to save the site and gave me other valuable advice. JV and Beer got the site back up and running. JV spoke to me about the mysteries of web site security as a very patient father speaks to a very stupid son.
Navigating the site may be slightly difficult over the next few days. The kinks will disappear soon. Please hit a donate button when you get a chance.