Pastebin to Patrol Its Corridors for Sensitive Data
Apr 3, 2012 10:57 AM PT
Online text depository Pastebin has decided to more closely monitor its site to quickly remove potentially sensitive information, according to a report from the BBC.
The site is intended as a way for Internet users to post large amounts of data outside of somewhere such as a comment forum or a blog post, where huge amounts of text would appear to be out of place. Because of its plain text format, programmers also use the site to post codes.
Lately, though, it has become increasingly popular as a spot for hacking groups such as Anonymous and LulzSec to deposit large amounts of sensitive data they've acquired through network intrusions, with the intention that the information be made visible to the public. Groups sometimes post personal information such as e-mails or login info on the site; the posts then sometimes gain notoriety on a "Trending Pastes" list.
Attempting a Crackdown
Pastebin already has guidelines and a monitoring system in place. The site warns that if a user pastes e-mail lists, password lists or personal information, the post may be deleted and the user's IP address block. Pastebin also uses a monitoring system where users can report questionable content to admins, who will analyze the info and take information down accordingly. The site takes down about 1,000 pastes per day, according to the BBC report.
However, judging what content to take down is time-consuming, especially because some pastes may contain large chunks of useless data and only a few lines of sensitive material, said the site's current proprietor, Jeroen Vader. The site is looking to hire employes that will monitor more of the site's content and proactively look for offending posts rather than wait for users to report them.
Pastebin didn't respond to our requests for comment.
Responding to Vader's conversation with BBC, the Twitter handle @YourAnonNews, which is associated with the Anonymous hacker collective, served up expletives to Pastebin and issued a rally cry of "All aboard the Censor Ship!" Later, it tweeted a link to a Pastebin post from an alleged data dump from NATO.
"Groups like LulzSec and Anonymous have made sport of compromising corporate and government sites as protests. Their methods reveal the insecurity of our digital world," Larry Walsh, president of the 2112 Group, told TechNewsWorld.
Cracking down on one site doesn't mean hacker groups won't find another place to go to post their data, but the fine line between online censorship and privacy is one that Internet companies are being forced to face, said Avivah Litan, security analyst at Gartner.
"There's definitely liability with some of the companies that are hosting this information, and we still don't have very clear laws on that," Litan told TechNewsWorld. "There's so much brewing in the government with our broad privacy laws. The EU is definitely cracking down, and this is a good way to keep these things in the news."
Litan spoke of a recent event in which Google Chairman Eric Schmidt spoke about that challenges that the search giant faces in the continuing pressure to remain uncensored and yet secure. The Internet wasn't built with criminals in mind, he said. Raising security on one site at least furthers that debate, said Litan.
"It's outrageous how much private information can be put out there that's not against the law, and it's good that this is shedding some light on that," said Litan.