Hackers compromise Amnesty International UK website

Hackers compromised Amnesty International's UK website using remote administration tool Gh0st RAT, according to Websense Security Labs

Hackers have compromised the website of Amnesty International UK, according to security researchers.

The Websense Security Labs researchers said they detected the compromise through the Websense ThreatSeeker Network from 8 to 9 May.

The attackers injected malicious code that could put users at risk of having sensitive data stolen and of infecting other users in their network, the researchers said.

"As soon as we became aware of the infection we worked with our hosting company Claranet to isolate it and remove it as a matter of urgency," Amnesty said in a statement.

The organisation emphasised that all user profiles are held on a separate server and were in no way compromised by the incident.

"Security is very important to us. As well as extensive security measures in place to prevent exploits such as this, we also have constant monitoring in place to alert us immediately when incidents like this occur," Amnesty said.

The website, which was hit by similar attacks in 2009 and 2010, was infected by the same Java WebRoot exploit that has been present in several recent security scares, including the Mac OS X infection with the Flashback Trojan and last week's attack on the Israeli Institute for National Security Studies, the researchers said.

"Exploit kits zoom in on vulnerable websites, even ones with good intentions," said Carl Leonard, senior manager at Websense.

Researchers found the attackers used a variant of the remote administration tool Gh0st RAT, which is used mainly in targeted attacks to gain complete control of infected systems, including the ability to access a user's files, e-mail, passwords and other sensitive personal information.

This compromise is more serious than your average, said Leonard: "With a low anti-virus detection rate, Gh0st RAT is a powerful tool that allows backdoor access into infected machines."

Companies need effective, real-time inline security to protect against infection, he said: "Without the right defences, it might be much more than a charity donation that the malware authors steal."

The latest top cyber security risks report from Hewlett Packard reveals that web injection attacks, particularly SQL injection (SQLi), are popular with attackers and are rising rapidly.

The report shows that SQLi attacks increased from around 15 million in 2010 to more than 50 million in 2011.

Static analysis revealed that simple coding mistakes result in significant numbers of vulnerabilities, with 86% containing injection flaws.

Dynamic analysis of the web applications in use showed 74% were vulnerable to cross-site scripting attacks and 12% were vulnerable to injection flaws.

The report said that, while these numbers are smaller, they are not less risky, as vulnerabilities are difficult to detect and defend against without hindering business.
