
CyanogenMod.com hijacked. Transition to CyanogenMod.org - saket123
http://www.cyanogenmod.org/blog/psa-transition-to-cyanogenmod-org
======
blhack
The title was NOT sensationalist, and the change here is a loss of
information. They aren't "transitioning" to a .org, their domain was stolen.
the .com shouldn't be trusted at this point, as it has apparently been taken
over by some rogue former-team-member.

edit: thanks to the mod that fixed it :)

~~~
cdr
There is, so far as I've discerned, an automated bot running that changes
submission titles to the HTML title of the URL. No human intervention, no
human judgment.

~~~
pg
That's not true; tis all humans; but as far as I'm concerned that's the
ultimate compliment to their speed and lack of bias.

~~~
cdr
I wouldn't call "no human judgment" a compliment...

------
thechut
Why is everyone complaining about the title? Yes its a bit sensationalist but
all of this is detracting from the actual story here.

While it's true that cyanogenmod.com going down may not serve a functional
problem to most people but it is a pretty sad story. I have used Cyanogen on a
couple phones and all my Android devices use the Clockwork recovery, which is
an incredible tool. I don't know the specifics but I don't think anybody on
the Cyanogen team was receiving money for their work. Granted, there are
premium versions in the Play Store, but certainly nobody is getting rich of
Cyanogen or clockwork.

The fact that somebody is screwing them over just to make a couple bucks seems
pretty terrible to me. These guys do this for fun and for the good of the
community (not to mention for the good of Google), so my heart really goes out
to them. I hope you get everything sorted out and get everything back up.

There is a PayPal donation form at the bottom of their site. I have donated in
the past when they have asked and I'm sure I will this time if they make an
appeal to pay for legal fees.

Again, so sad to see this happen to such a great group of devs.

~~~
saket123
I like the idea of buying a related domain and donating it to the community as
mentioned in another comment. I agree that we as community of hackers should
try to figure out how can we help CM who are just a group a volunteers doing
great work for the community.

------
lambda
Wow, this thread is pretty interesting, in which you can see the owner of the
.com domain convincing someone to donate $500 a month to what they thought was
the cyanogenmod team:
[https://store.n2acards.com/helpdesk/viewticket/moderator/cod...](https://store.n2acards.com/helpdesk/viewticket/moderator/code/2852d314c34d502cd2ae76493253c4e58961948/?p=1)

And in the thread, he mentions that Swappa is doing the same thing, $500 a
month plus $10 per device sold, though there's no way to verify if that's
true. Swappa claims to donate $5 per device sold to Cyanogenmod, though who
knows if that's been going to the actual project or this joker.
<http://swappa.com/cyanogenmod>

That's some pretty serious fraud there, if this is true.

~~~
vitobcn
It seems that previous owner of the .com domain has handed it back to
Cyanogenmod already (probably due to the unwanted publicity):

[http://www.cyanogenmod.org/blog/domain-situation-has-been-
re...](http://www.cyanogenmod.org/blog/domain-situation-has-been-resolved)

They will stay with the .org domain though, and have the previous .com domain
redirect to it.

------
cookiecaper
This is pretty scary now that CM has started to do OTA updates again. What
server is that mechanism checking and trusting? Is there any cryptographic
verification for update packages? Whose keys are used (the keys of the bad
dude?)?

~~~
BHSPitMonkey
This is definitely important to find out in the wake of this incident, and I'm
anxious to learn the answers myself. That said, CyanogenMod distributes its
builds through a separate dedicated site [1] that appears to be unaffected.

[1] <http://get.cm/>

------
streptomycin
And the .org domain is already #1 in the Google search results for
CyanogenMod.

~~~
grandpoobah
How did it happen so quickly?

~~~
stanleydrew
If search engines are indexing your site with any regularity and you kill all
your DNS records I'd say it's not terribly surprising to have your domain
removed. That combined with the new .org being an exact match for a "cyanogen"
search would probably do it.

~~~
Achshar
It looks more likely that someone form the search team browses HN or uses
Cyanogen (very likely) and they intervened and updated the index manually. I
am sure google has a back-end to do stuff manually.

------
cookiecaper
Cyanogenmod devs need to get PGP keys and start using cryptographic signatures
like now. The guy never would have been able to impersonate in the first place
if they were doing this, and now it's even more important that the
@cyanogenmod.com domain is directing to a different mail server.

~~~
lambda
Not sure if that's the case. Most people he was impersonating himself to
probably don't know enough to find and check PGP signatures; especially since
most email does not come with PGP signatures, the lack of a signature is not
something that would cause anyone to bat an eyelash.

~~~
cookiecaper
If he prominently announced on his sites "DO NOT accept anything without a
cryptographic signature as authentic", it is likely to have worked. It's not
like the targeted victims had not visited Cyanogen's site or done any research
before.

And at worst, a policy of signing all emails makes it so he can't be framed;
someone can't alter mails and claim they were sent in that state, and if this
guy thought he was going to be caught and went into the mail server to try and
plant the evidence so that when the deals fell through the real Cyanogen was
still on the hook, he wouldn't be able to reproduce a valid signature and one
would say "Cyanogen was obviously framed, as he would never certify a deal in
an email without a cryptographic signature".

~~~
jrockway
How would have they distributed the keys? I can easily upload a key with an
arbitrary id and username to any public keyserver. You have to actually check
that you trust the key by utilizing the web of trust.

Alternatively, you could use SSL certificates, but since the attacker
controlled cyanogenmod.com, he probably could have social-engineered the CA to
issue him an email certificate.

Trust is hard.

------
philp
Does anybody know how this "rogue" webmaster took undue advantage of the
CyanogenMod brand? The Facebook post states something about referral deals
with community sites. Any idea what that would mean in practical terms?

Just curious.

~~~
facorreia
According to the conversation linked to by CM member koush[1], in one instance
he approached a CM distributor requesting a 'contribution':

"Hi, we noticed that you are selling these cards with CyanogenMod builds. We
do not however seem to have any agreements in place for this and feel it's
only fair that you start contributing to the CyanogenMod project to continue
selling your products."

[1] <https://twitter.com/koush/status/268836995890028544>

~~~
pbhjpbhj
That does seem fair, doesn't it?

~~~
facorreia
The team claim he was not authorized to make such claims and that the project
never received these payments.

------
bronson
It seems a nice idea, buying the CM.com domain and donating it to the project.
Wonder if this sleazeball had a change of heart, or was he planning on
embezzling referral traffic the whole time?

~~~
greyboy
I read:

 _And due to the small size (and lack of funds), the CyanogenMod.com domain
was bought by a third-party back in 2009 and donated to CM, when CM was a much
smaller project and had no online presence besides XDA._

I must be missing something (and speaking from a US perspective), but was $10
really unattainable in order to secure a domain? Three years worth would have
been $30-ish dollars now. Genuinely curious what led up to this scenario.

~~~
shardling
I might have missed something, but it's not clear to me whether the original
gifter is the person who hijacked the domain.

~~~
greyboy
That's true. I made the assumption it was the same person based on:

 _The person owning the CyanogenMod.com domain was caught impersonating Steve
to make referral deals with community sites. When confronted and asked to hand
over control of the domain amicably, he decided he wanted 10K USD for it,
which we won’t (and can’t) pay._

but, that could be a mistake if "owning" meant he simply took control of it at
some point over the years.

~~~
shardling
It's slightly contradictory, because it says the original person "gave" them
the domain. I at first took that to mean in all senses. But it does seem
likely that if there were two different unnamed people associated with the
website they would have made that distinction clear.

(The confusion could have been avoided by assigning a nym to anyone who they
didn't want to name explicitly.)

------
polyvisual
Phew, my first instinct when reading the start of that post was that some
rogue code had been committed.

Note: it's a shame most of the comments here are about the title of this post.

~~~
MrMember
>Note: it's a shame most of the comments here are about the title of this
post.

Indeed, I check the HN comments for interesting conversation, not drivel about
whether or not the submitted article's title is sensationalist.

------
VMG
Why are large parts of the android custom ROM community unprofessional and
immature?

I always shiver a little if I have to dive into xda-forums, but this takes it
to the next level. Puts all the actual hard working developers in a bad light.

~~~
lambda
I think its because they grew out of the phone ROM community, which pre-
Android, generally meant hacking up a binary blob and distributing them on
forums. This was never quite legal, but lots of people did it anyhow. Like any
community build around legal grey areas, like Xbox and PS3 modders, there's a
lot more anonymity, less professionalism, and the like, than there is, say in
the free software world, where people are legally, and in many cases
professionally, writing software to run on their own machines.

Even once Android came out, there are enough binary blobs, like the actual
phone firmware, drivers, the Play Store, the Google Apps, and so on, that a
lot of the mods are just redistributions of the binary packages with a few
configuration changes and some custom software on top, rather than a rebuild
from source of AOSP.

------
nacs
Seems the guy who stole the domain is trying to undo his damage and possibly
hand the domain back (likely due to the negative attention this is bringing
him). He posted this to his Twitter account a few minutes ago:

"we've already had this conversation. The DNS was changed in preparation to
hand the domain back to Steve. You all jumped the gun."
<https://twitter.com/MrADeveci/status/268837555129167873>

"DNS propagation can take 72 hours. The domain was transferred about an hour
ago. It was transferred to another UK registrar." \-
<https://twitter.com/MrADeveci/status/268881716876300288>

UPDATE: Seems he really has handed the domain back now?:
[http://www.cyanogenmod.org/blog/domain-situation-has-been-
re...](http://www.cyanogenmod.org/blog/domain-situation-has-been-resolved)

------
SafeSituation
As of right now (4:34 EST) cyanogenmod.com redirects to cyanogenmod.org

~~~
pserwylo
Yup, I have the same thing. Is this a(nother) change of heart from the owner?
Or did ICANN intervene that quickly? I find it hard to believe its the later.

~~~
Tyrannosaurs
I'm guessing a change of heart from the owner once things went public.

As you say, it's unlikely that there would be any intervention that quickly.

------
gte910h
I don't know what this is, but as the guy asked for money for the domains,
which he didn't own, I'd think about asking the police to look into this being
extortion.

~~~
antidoh
I think he did/does own the domain, on behalf of cm. My best guess is that cm
wasn't incorporated, so a human body had to own it. The human body then went
full asshat.

~~~
gte910h
Sorry, I thought the transfer looked more administrative.

If the accused asshat actually paid for the domains at all, that's a whole
nother story as they say.

------
pla3rhat3r
I had this happen to me when I started a music blog in 2008. Some trust fund
brat decided he would hijack the site and I was forced to basically start
over. It was painful but 3 years later I'm glad I did. I was able to rebuild
and now have a better site with a better team in place. It'll take time but
these guys will recover too. Integrity always wins!

------
mkup
Domains are real estate of the internet. Losing domain control is like losing
your house or land.

------
Jeraimee
Can we get a title change here. This title is not only wrong but just worded
to grab attention.

~~~
shardling
How is it wrong?

Their original website was taken offline by a (now former) developer, forcing
them to change domains. Seems like the title is perfectly accurate.

~~~
zetx
It's confusing at the very least. "CyanogenMod [domain] taken offline by
developer" vs "CyanogenMod [project] taken offline by developer"

~~~
bmasci
This. My first thought was that CM was no longer available. I did not think
anything of the domain.

------
trhtrsh
Seems similar to the MacPorts vs DarwinPorts domain name issue:
<http://trac.macports.org/wiki/DarwinPortsFraud>

But in that case, no domain was transferred, it was just confusing from the
start.

------
rapsac
I think this would be a good time for Anonymous to step in and wipe this guy
off the map.

------
eykanal
I'm mixed on whether this is a good way to handle reporting something like
this to the public. On the one hand, they didn't release the guy's name, which
is completely and entirely appropriate, and I commend them for doing so. On
the other hand, giving so many details—many of which are not relevant to the
public, and probably were not intended for the public—gives this PSA somewhat
of a "well, screw you too" vibe.

I think a simpler "we've been betrayed by an insider with access to
everything, here's how we're fixing it, and yes, we're pursuing legal methods
for dealing with this" would have been better. Leave out the gory details
about who's hurt and whatnot. This is business. Still, this is better than
half of the other "we've been betrayed" posts I've seen.

~~~
bsenftner
Tell us the name of this rogue. I don't want to ever do business with the
person, but how to know?

~~~
facorreia
It's public via whois.

~~~
michaelhoffman

      Registrant:
       MetServe Enterprises Limited
       Kemp House
       City Road
       London, London EC1V 2NX
       GB
      
       Domain name: CYANOGENMOD.COM
      
      
       Administrative Contact:
          Enterprises, MetServe  info@metserve.com
          Kemp House
          City Road
          London, London EC1V 2NX
          GB
          +44.2081232629
       Technical Contact:
          Enterprises, MetServe  info@metserve.com
          Kemp House
          City Road
          London, London EC1V 2NX
          GB
          +44.2081232629
    

Doesn't have a person's name though.

~~~
entropy_
Well, this conversation: <https://twitter.com/koush/status/268836995890028544>
has a guy called Ahmet Deveci who seems to be going at it with Koush about
giving back DNS domains.

His profile on twitter says "Entrepreneur, with a passion for website design,
development and all things technology. Director of Metserve Enterprises.
London, UK · <http://www.mradeveci.com>

That seems like the guy.

~~~
skeletonjelly
Let's try and be certain before we start hurling abuse eh mobs?

------
moens
Ideas will be stolen. I know this is a hotly debated topic, and I agree with
the raw idea != actionable idea, yadda^3.

I cannot emphasize enough to developers and to startups: all war is about
money, all business is about money. When you get to the point that you are
making money, you are in business... and all business is war (imo). If you go
in thinking like that (not freaked paranoia, but strategic defensive
development), you will avoid a lot of this trauma.

I feel for you guys, I've been there.

------
lambda
Title is sensationalist. Should be something like "Transition to
Cyanogenmod.org"; Cyanogenmod is not offline, just cyanogenmod.com

Google already give you cyanogenmod.org when you search for cyanogenmod. Was
this always their preferred domain, or is Google just that quick to update?

Post on cyanogenmod.org for those who prefer not to use Facebook:
[http://www.cyanogenmod.org/blog/psa-transition-to-
cyanogenmo...](http://www.cyanogenmod.org/blog/psa-transition-to-cyanogenmod-
org)

For the sake of posterity, the original title was "Cyanogenmod taken offline
by developer", and the link was to the same story, but posted on Facebook.

~~~
myko
It isn't terribly sensationalist. Indeed a former team member is holding the
domain hostage, it's not a simple transition by any means.

~~~
jeffool
Just reading the title, I was under the impression that CyanogenMod itself was
no longer available from the developer, not just the website. I'm not sure if
"sensationalist" is the right word, but, it wouldn't pass an editor's muster.

~~~
myko
Good point about the old title saying 'by developer'. Probably since I knew
what had happened already it didn't stand out to me, but I see how folks would
think it meant Steve took it down.

Again I don't think the title was meant to read that way, but yeah I agree
that was not clear and the new title/direct link is much better.

~~~
jeffool
Oh I agree completely; I certainly don't think saket123 meant to mislead
people at all. It was just an unfortunate choice of words causing a little bit
of a dust up. Maybe now any relevant conversation can happen!

So let's all go answer or up-vote philp's comment!

