Identity of Cryptome's Sources Might Have Been Compromised

A person claiming to be the hacker who recently broke into Cryptome.org, claims to have learned the identity of many of the site's sources including that of several WikiLeaks insiders.

Cryptome is a longstanding whistleblower website, co-founded in 1996 by New York architects and civil liberties activists John Young and Deborah Natsios.

During its many years of activity, the site published information received from confidential sources, which government agencies and companies would rather have kept secret.

On October 2 John Young found himself locked out of both the Cryptome.org hosting account at Network Solutions and the Earthlink email address associated with it.

Meanwhile, the website displayed a greeting message from hackers. According to Young, when he finally regained control of the account, all of the data was corrupted and the hosting provider had to restore it from an older backup.

Wired reports that following the incident, a person claiming to be responsible for the hack has contacted them with detailed information about it.

The alleged hacker uses the online aliases of "RuxPin" or "Xyrix" and claims to be a member of the Kryogeniks hacker crew.

He claims that during the breach he downloaded large amounts of data, including Young's emails and address book, which contain the identity of Cryptome's sources.

In order to prove his claims, the hacker sent Wired screenshots of the compromised email account's inbox and the cryptome.org Web directory.

At least one of the email exchanges exposed in the images has been confirmed by both Young himself and the recipient, who was known to Wired.

The hacker also claims that some of the message revealed the identity of several people working for WikiLeaks, who fed information about the controversial organization to Cryptome.

This information, consisted of internal documents and chat logs and has been published on Cryptome.org in recent months.

However, this breach is not limited to WikiLeaks whistleblowers only and also affects many other sources, who sent information to the website from personal email accounts along the years.

RuxPin stressed that he doesn't plan to expose any of them publicly, because he actually likes Cryptome, but John Young doesn't plan to let this incident pass so easily.

"One of the things I’m interested in is how much prowling they did beyond Cryptome. Any rummaging in our e-mail is different than rummaging in Cryptome. We’re going to burn his or her a** [redacted] with that," Young said.