Interview with founder of Thruzt, the social network that got hacked almost immediately

Analysis
Jul 10, 2012 | 6 mins
Amazon Web Services | Data and Information Security | Microsoft

New social networking site Thruzt was immediately attacked, hacked and had its database whacked. Now, the founder provides a cautionary tale for entrepreneurs and anyone diving into the Amazon Cloud.

This is a cautionary tale for entrepreneurs who want to game social media on a large scale.

Thruzt is a social media site, the game of social networking, where cheating is not only allowed, it’s encouraged! There are numerous and varied “paths” (categories) where geeks like me might find many interesting technology or security stories. For example, the Matrix includes privacy, security, hacking, malware, and hacktivism. Military has subjects like cyber warfare and intelligence. Technology is loaded up with topics including Internet, web development, programming, hardware, software, browsers, Google, Apple, Microsoft, Unix and Linux. It’s laid out in a visually stimulating Pinterest-like design to display user-submitted stories or photos. Users “thruzt” to vote positively or “nix” to attempt to kill the submission from going popular. And all that voting is transparent, so you can see who your frenemies are.

All entrepreneurs who aim high may find ways to game the social media ecosystem. Reddit co-founder Steve Huffman admitted to a “fake it ’til you make it” plan which included filling Reddit with content from an army of fake user accounts. Digg was always gamed, but it had a great social networking community which was killed off in August 2010 when it switched to Digg version 4.0. Thruzt Founder Marcus Hirn wanted to rebuild that feeling of community that died on Digg, but transparency rules the day on the new social networking site. And embarrassing as it might be in some respects, 100,000 user votes, an unknown number of comments, and about 4,000 lost user-submitted stories later, Hirn has earned the right to tell a social media entrepreneur’s cautionary tale. It started with the site being attacked almost immediately upon launch and then being “bleached,” as in wiped from the cloud exactly two months after Thruzt began.

Interview with Thruzt Founder Marcus Hirn:

Almost immediately upon launching Thruzt, attacks were launched against the new site and tested its security setup. Would you care to share that info with other folks interested in becoming a social media entrepreneur?

Marcus Hirn: We had multiple scans and intrusion attempts from malicious attackers using automated software and hunting for vulnerabilities to exploit; this time they were targeting the server’s IP. The first attack came on the 5th day and lasted for half a day. The Thruzt team blocked their IPs which appeared to be coming from China and Salt Lake City, Utah. After some battle, they dropped the attacks. But after we blocked, he or she came back and attacked again for four days, brute forcing SSH, brute force password attacks that attempted to get root user access. It slowed the server down. We had to reboot the server to force a new IP in order to get access and be able to block him.

Thruzt had been up and running in Beta for two months exactly. It had 34,500 pages indexed with Google, nearly 4,000 user-generated content submissions, over 100,000 Thruzt votes, and an unknown number of comments when disaster struck via the Amazon Cloud. You announced to the community that Thruzt suffered “a BETA bump in the road” and a severe database data loss. The Thruzt blog stated, “We have to unfortunately confirm that all submissions, votes, comments etc. were wiped out. The only things we managed to save were usernames and passwords.” What happened?

Marcus Hirn: I effed up. When you set up with Amazon Cloud, you have to know what you are doing. The cloud gives you great scalability, but you really need to know IT. Amazon Cloud does not have “support.” It even has warnings that basically say if something is deleted/removed, then tough luck. We had not set up any logging for working directly with MySQL since Thruzt is in its infancy. Ironically, I was going to get to that setup the same weekend it was bleached. I had backups in a folder on the server and that was a mistake.

After researching, it was clear to me that our database files had been erased somehow. Oddly enough, the user-base table was still intact. We had some backups stored but those were missing too. We have now set up a new backup system. As an explanation of what really happened, we will stick with saying it was either a technical error or a compromised system. We tightened security on the server, but we could not verify for sure that we were compromised. However, this situation will not be possible again.

Do you have any tips for future entrepreneurs who might intend to use the Amazon cloud?

Marcus Hirn: I think many people believe it’s like a normal web host where you create an account and then there is a cPanel where you click to install WordPress, or to set up a firewall, or to access FTP, etc. But on a cloud server you have to not only do all configurations yourself, but you also need to know what software to get and run. For a tech geek, it’s a dream as you have 100% control of your own server with easy added scalability. Yet to get to that point, it requires days, if not weeks, of learning the Amazon system.

I’d advise not getting into Amazon unless you have a firm knowledge about server setups. However, once you know about server setups, Amazon does give you some great scalability options at fair prices.

A little bird told me that Thruzt may try to pick up the slack from when StumbleUpon dropped the ball and alienated users by deleting profile page blogs. Is this true?

Marcus Hirn: Yes, we are aiming in that direction. The Thruzt team — myself, two developers, two SEO guys and four moderators — have plans to integrate “Howl,” the Twitter-like microblog we run, directly onto the profile pages of Thruzt. This should thereby increase communication and combine two very powerful tools.

Thruzt looks very promising in the social networking sphere and the transparency is refreshing. So is the suggestion that in order to game the social media site, cheating is not only allowed but it’s also encouraged. The moral of this cautionary tale may be that you should never launch without being prepared for war! ... and to know the proper setup for the cloud. But if you have the drive and the determination, you can find the successful silver lining in even the darkest of clouds.


Follow me on Twitter @PrivacyFanatic

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.