Pastebin’s status as the favoured website on which to post evidence of stolen or hacked data could become a thing of the past with the news that its owner plans to filter content more carefully.
In an email interview with the BBC, current owner Jeroen Vader admitted that the site now examined an average of 1,200 abuse reports a day via its notification system and needed to hire more staff to cope with this volume of traffic.
The site was also becoming a target itself and now received DDoS attacks almost every day, he said.
“February was a terrible month, so many attacks. It was a real nightmare to run the site. The longest one went on for more than 48 hours,” said Vader.
The site’s biggest challenge remains its reputation as a repository for stolen data as evidenced by numerous incidents since Vader took the site over in early 2010.
The sale was partly motivated by the infamous hack that gave Pastebin unwanted public attention in 2009 when it was used to publish the logins for thousands of Gmail, Hotmail, Yahoo and AOL webmail users.
Since then, it has become associated with an increasing number of data-sharing attacks, including the Comodo hacker’s famous SSL raids on various certificate authorities, the publication of credit cards culled from Saudi Arabian credit card users, and the theft of 100,000 Facebook user logins.
However, its most famous moments were undoubtedly connected to its regular use by LulzSec and Anonymous hacking groups to publicise attacks.
Equally, it has been used to publish details of important security vulnerabilities such as the one that affected Dropbox last June, which is where Pastebin’s tricky modus operandi becomes apparent. It is designed to be a repository for open information exchange, a sort of technical or coder’s version of Wikileaks. That this is often being abused is inherent to its open model.
“I am looking to hire some extra people soon to monitor more of the website’s content, not just the items that are reported,” Vader told the BBC.
“Hopefully this will increase the speed in which we can remove sensitive information. This will give us more time to look at trending items in detail if they haven’t been reported yet.”
Pastebin also shared IP address information if it was requested by the police using a valid court order, he said.
View full post on National Cyber Security » Computer Hacking