Famed whistleblower site Cryptome.org was hacked and infected with the nefarious Blackhole toolkit, unwittingly serving malware targeting Windows machines. The infection forced the site’s owners to carry out a complete restoration.
New York-based architect and scholar John Young, who launched the site many years ago, explained that the Blackhole code was found embedded in “every HTML file in the Cryptome main directory”, forcing a complete restoration of all 6,000 files on the server from a clean copy.
The malware placed into Cryptome’s web code was designed to probe the visitor’s browser for any available vulnerabilities before downloading a malicious executable file onto the visitor’s computer. Apparently the malware only targeted Microsoft Internet Explorer users.
The complete restoration of the Cryptome files took some time, and the service is now completely clean. Furthermore, security researcher “mrkoot” has put together additional technical notes about the attack on his site.
The new attack against the Cryptome.org server is particularly worrisome considering how sensitive the documents managed by its owners are. Founded in June 1996, the whistleblower site started collecting and publishing “prohibited” and even classified documents (freedom of expression, privacy, cryptology, intelligence, and more) long before WikiLeaks became a worldwide media sensation.