OpenSSL.org invaders reveal a startling soft spot in the cloud

Web Services

The official website of the widely used code library was only defaced; its data repositories were left untouched. What concerns cyber specialists is that the vandals made their entrance through a remote server.

The ultimate compromise of the “hypervisor” software hosting OpenSSL.org seemed to be the most significant part of the assault.

In an advisory updated on Jan. 3, OpenSSL officials said the penetration “was made through insecure passwords at the hosting provider, leading to control of the hypervisor management console, which then was used to manipulate our virtual server.”

Observers speculate that OpenSSL's provider is IndIT Hosting, according to Ars Technica. The company's website indicates it uses both ESXi and KVM virtualization platforms.

Websites around the world use OpenSSL software to provide encryption for the pages they serve.

A forensic investigation began two hours after the breach, according to OpenSSL officials.

“The lack of additional details raised the question of whether the same weakness may have been exploited to target other sites that use the same service,” Ars Technica reported. “After all, saying a compromise was achieved through a hypervisor vulnerability in the Web host of one of the Internet's most important sites isn't necessarily comforting news” if the service is widely used by others.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.