On Friday, the extremely popular Boing Boing blog was hacked by an unknown party who planted malicious code into the site’s WordPress theme.
Around 11:30 EST on January 10th, An unknown party logged into Boing Boing’s CMS using the credentials of a member of the Boing Boing team.
They proceeded to install a widget into our theme that allowed them to redirect users to a malware page hosted at a third party.
Users visiting the site from desktop computers reported that they were redirected to what pretended to be a download page for an Adobe Flash update.
Meanwhile, Android surfers were presented with a pop-up purporting to come from Google, claiming that their phone was unsafe.
These aren’t new tricks. Cybercriminals have long duped internet users into installing code by pretending to be a genuine update to Adobe Flash, or a warning from an operating system vendor that action has to be taken to secure a device.
There are obviously lots of questions that may need to be asked. For starters:
How did the attacker manage to get their hands on a Boing Boing staff member’s password?
Was the Boing Boing worker phished or had their password guessed?
Were they making the mistake of reusing the same password?
How did the attacker manage to avoid the authentication systems Boing Boing uses on its website? (Boing Boing claims to have TOTP 2FA integrated into its CMS login system)
Does Boing Boing do IP look-ups ..
Support the originator by clicking the read the rest link below.
