Cryptome.org hacked to dish out malware

Compromised whistle-blowing HQ begins site rebuild

8 Reg comments Got Tips?

Cybercrooks have planted malicious scripts on top of whistle-blowing nerve centre Cryptome.org.

cryptome_b

The website this morning...

The attack, which used the well-known Blackhole toolkit, exposed surfers visiting any page of Cryptome.org to a hacker-controlled page that leveraged browser exploits and the like to compromise readers' machines.

The methods used to breach Cryptome and plant malicious code remain unclear as of Tuesday morning. There are several possible routes to compromise a system, from SQL injections to exploiting a flaw in an public-facing server. It's unclear who carried out the attack or their motives, which might be just to infect machines and plant Trojans as part of a money-making scam or something more targeted against Cryptome's user base.

Cryptome specialises in publishing information about cryptography, surveillance, freedom of speech and related issues. The site has a similar profile to WikiLeaks in some ways, but has been operating for far longer, since 1996.

The whistle-blowing site confirmed the hack and published a notice on its site on Tuesday saying that a "complete restoration of Cryptome with clean files is underway". The restoration process is expected to take around a day. ®


Keep Reading

Spyware maker NSO can't claim immunity, Facebook lawyers insist – it's time to face the music

Software developers aren't nation states, antisocial giant points out

Multi-part Android spyware lurked on Google Play Store for 4 years, posing as a bunch of legit-looking apps

Mandrake handlers could snoop on whatever victim did with their phone

US senators: WikiLeaks 'likely knew it was assisting Russian intelligence influence effort' in 2016 Dem email leak

And: 'Putin ordered the Russian effort to hack computer networks' to help Donald Trump win White House race

Starz, meet the Streisand Effect. Cable telly giant apologizes for demented DMCA Twitter takedown spree

Inadvertently highlights easy abuse of IP protection

Amazon's not saying its warehouse staff are dumb... but it feels they need artificial intelligence to understand what 'six feet' means

Vid The yellow markings on the floor aren't enough for real neural networks

UK intel committee on Russia: Social media firms should remove state disinformation. What was that, MI5? ████████?

Also (yikes): A 'complicated wiring diagram of responsibilities amongst ministers' in the event of cyber attack

Report: CIA runs secret cyberwar with little oversight after Trump gave the OK, say US government officials

Details start to emerge on real-world impact of Prez-signed secret memo

Huawei set to exit server, storage, networking business in the UK

Exclusive Chinese giant confirms redundancies as Enterprise division slashes portfolio

Biting the hand that feeds IT © 1998–2020