Websense warns of Amnesty International website hack

Internet browser
11 May, 2012

Security vendor claims campaign group's website was compromised earlier this week.

Visitors to Amnesty International’s UK site this week may have had their personal details stolen, according to security vendor Websense.

The company claims the site was compromised for two days (8-9 May), after it was allegedly injected with malicious code.

Without the right defences, it might be much more than a charity donation the malware authors steal.

In a blog post, alerting users to the vulnerability, Websense said: “During that time, website users risked having sensitive data stolen and infecting other users in their network.

“However, the website owners rectified this issue after we advised them about the injection.”

Websense claims the malicious code is the same one used to spread the Mac OS X Flashback malware, which is understood to have infected more than 600,000 Mac computers.

The Websense blog post also claims other Amnesty International sites have been targeted in a similar way.

“In early 2009, we discovered this same site was compromised, and in 2010 we reported another injection of an Amnesty International website, this time [in] Hong Kong,” it stated.

Carl Leonard, senior manager of Websense, said the code could be used by hackers to gain access to infected machines and steal data.

“This compromise is more serious than your average,” said Leonard. “Companies need effective real-time inline security to protect against infection [because] without the right defences, it might be much more than a charity donation that the malware authors steal.”

In a statement to IT Pro, Amnesty International played down the incident, stressing that no user details would have been compromised.

"As soon as we became aware of the infection we worked with our hosting company, Claranet, to isolate it and remove it as a matter of urgency," it stated.

"All our users profiles are held on a completely separate website and server and were in no way compromised by this incident."