Web Hosting Firm Hacked

Tuesday, April 16, 2013 @ 04:04 PM gHale

Seclist.org users had trouble reaching the site last week, and the downtime turned out to be the result of a hack attack on the site’s web hosting provider, Linode.

According to a blog post published by the New Jersey-based web hosting and cloud computing provider, the company’s administrators identified and blocked suspicious activity on the networks.


“This activity appears to have been a coordinated attempt to access the account of one of our customers. This customer is aware of this activity and we have determined its extent and impact,” Linode’s Stephen Clemens said.

“We have found no evidence that any Linode data of any other customer was accessed. In addition, we have found no evidence that payment information of any customer was accessed.”

Law enforcement agencies are investigating the case and additional security measures are in place to keep the attackers out. However, as a precaution, the company reset all passwords and users have been requested to set new, strong ones.

The customer that Clemens is referring to appears to be Seclist.org. According to Gordon Lyon – aka Fyodor, the owner of various Internet security resource sites, including Seclist.org – the attackers used the access to Linode’s systems to break into some of their virtual private server (VPS) systems.

“I guess they hacked Linode and then went looking for well-known sites to go after. Perhaps we should be flattered to have made the list, but we’re not. Linode said the intruder messed around with our account, but left their other customers alone,” Fyodor said.

In the meantime, pre-attack backups restored the affected services.

The hackers, a group calling itself HTP, used vulnerabilities in Adobe ColdFusion (CVE-2013-1387 and CVE-2013-1388) to carry out the operation. Adobe patched those vulnerabilities less than a week ago.

“We have been working around the clock since discovering this vulnerability,” the company said in its blog. “Our investigation reveals that this group did not have access to any other component of the Linode infrastructure, including access to the host machines or any other server or service that runs our infrastructure.”

Linode said the good news is there is no evidence that the attackers obtained decrypted credit card numbers. Credit card numbers in the database are stored in encrypted form using public and private key encryption, it said, and the private key is itself encrypted with a complex passphrase that is not stored electronically.
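The design Linode describes, where the write path needs only the public key and the private key is usable only with a passphrase supplied at runtime, looks like this in practice. This is an added illustration using the third-party Python `cryptography` package, not Linode’s code; the passphrase, card number and function names are constructed for the example.

```python
"""Asymmetric encryption at rest for a card-number store (illustrative, not Linode's code).

The write path only ever holds the public key. The private key exists on disk
solely in passphrase-encrypted PEM form and can be used only when the passphrase
is supplied at runtime; the passphrase itself is never stored with the key.
Requires the third-party `cryptography` package.
"""
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# RSA-OAEP with SHA-256: the padding used for both encrypt and decrypt below.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


def generate_keypair(passphrase: bytes) -> tuple[bytes, bytes]:
    """Return (public_pem, private_pem); the private PEM is encrypted under the passphrase."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    private_pem = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.BestAvailableEncryption(passphrase),
    )
    public_pem = key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return public_pem, private_pem


def encrypt_card_number(public_pem: bytes, card_number: str) -> bytes:
    """Write path: needs only the public key, so a compromised front end cannot decrypt."""
    pub = serialization.load_pem_public_key(public_pem)
    return pub.encrypt(card_number.encode(), OAEP)


def decrypt_card_number(private_pem: bytes, passphrase: bytes, ciphertext: bytes) -> str:
    """Read path: unlocks the private key with the runtime-supplied passphrase.
    A wrong passphrase raises ValueError before any ciphertext is touched."""
    priv = serialization.load_pem_private_key(private_pem, password=passphrase)
    return priv.decrypt(ciphertext, OAEP).decode()


if __name__ == "__main__":
    passphrase = b"correct horse battery staple"  # constructed; would be typed in, not stored
    pub_pem, priv_pem = generate_keypair(passphrase)
    blob = encrypt_card_number(pub_pem, "4111111111111111")  # constructed test card number
    print(decrypt_card_number(priv_pem, passphrase, blob))
```

The point of the split is that a database dump plus the encrypted private-key file is still useless to an attacker who does not also have the passphrase.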
