Cryptome.org is a website that has focused on publishing information about freedom of speech, cryptography, spying, and surveillance. In many ways, Cryptome is similar to Wikileaks – except it has been operating since 1996. The site is run by a New York -based architect called John Young.
Cryptome has just announced it has been hacked. The hack planted an attack script on every page of Cryptome. This script used the infamous Blackhole toolkit to gain access to vulnerable computers that visited www.cryptome.org.
The attacker is not known. Neither is the mechanism that was used to breach Cryptome.
Updated to add: Modified the post to say that the attack script specifically avoids targeting IP addresses from Google to prevent Google search engine from blacklisting the site. Originally this post speculated that the script worked the other way around, and that the attack was targeting Google. It wasn’t. Sorry for the confusion.
Leave a reply
The Blackhole are hosted on Nexcess-Net range.
Have scan their range and found 1876 IP containing BH EK out of 57600 check….
Can give the IP listing if you are interested and think you can do something against that.