Cryptome Hacked, Attack Script Planted on Webpages

For almost four days the website served its visitors the infamous Blackhole toolkit

By on February 13th, 2012 15:04 GMT

Cryptome.org, a website very similar to Wikileaks, was breached, the cybercriminals placing an attack script on each of its pages with the purpose of infecting computers to make them part of a botnet.

F-Secure’s Mikko Hypponen informs that the script used the Blackhole toolkit to find vulnerabilities in the computers owned by the affected site's visitors.

A closer inspection revealed that the malicious script incorporated a clever mechanism to avoid being blacklisted by Google. To achieve this result, the script didn’t target the IP addresses of visitors that originate from Google.

According to Cryptome administrators, the site was breached on February 8, around 6,000 files being altered to host the ill-intended script.

At the time of writing the website is online, but not all the pages may work until the infected files are replaced with clean ones.

Comments

Cryptome hacked
   Cryptome hacked