Account compromised

Admin account apparently compromised, blocked

Over a month ago, four administrators were desysopped due to an apparent compromise of their accounts (see archived story). After a brief respite from successful cracking attempts, another admin account, Vancouverguy, was blocked indefinitely on 12 June, because the account had apparently been compromised.

The last activity from the account before the compromise was nearly two years ago, on 24 October 2005. At 15:29 UTC, 12 June 2007, Vancouverguy deleted the category for the candidates for speedy deletion page. The edit summary was "title is inaccurate: should be Candidates for deletion when we get around to it." In response, David Fuchs asked, "Is there a reason you deleted C:CSD?" When no explanation for the deletion was given, David Fuchs restored the page.

At 15:46 UTC, the account moved the articles for deletion page to "Wikipedia:Articles for deletion when we get around to it", moving the talk page as well. Moreschi moved the pages back as appropriate, and the target pages were deleted by WJBscribe.

Two minutes later, at 15:48, Bastique desysopped the account. One minute later, the account was blocked for 24 hours by H; Moreschi changed this to an indefinite block just seconds later.

There were no further questions on the incident, and no evidence was presented as to who the compromiser was. The compromiser may have been 87.175.68.193, because the IP's only edits were vandalism pertinent to the incident. After the vandalism was fixed and the admin account blocked, the IP replaced both pages with "Deleted until we get around to restoring it." After those edits were reverted, the IP vandalised again, adding "Delete this when someone gets around to it." at the top of the AfD page.

It is unlikely that Vancouverguy will be resysopped or unblocked. The four victims of password cracking in May were all resysopped shortly after the incidents, but Vancouverguy's account had been inactive for over 18 months, so it is unlikely that anyone could prove who the account holder actually is.


Wikipedia:Wikipedia Signpost/2007-06-18/Account_compromised