UPDATE: A Turkish hacking group compromised and defaced over the weekend the website of OpenSSL, an open-source SSL and TLS encryption implementation resource.
The website Zone-H is hosting a mirror of the defacement, in which the hacking group responsible for the attack posted the following message: “TurkGuvenligiTurkSec Was Here @turkguvenligi + we love openssl _.”
OpenSSL posted an advisory on its website yesterday confirming the compromise and announcing that the source repositories are verified and unaffected.
“Initial investigations show that the attack was made via hypervisor through the hosting provider and not via any vulnerability in the OS configuration,” OpenSSL has since written on their site. “Steps have been taken to protect against this means of attack in future.”
Little is known about the hacking group claiming responsibility for the defacement other than that the group is reportedly known as TurkGuvengli. In the defacement, the group seems to express its support for OpenSSL.
A successful attack targeting OpenSSL is concerning because the core mission of the volunteer-run service is to implement strong encryption for whichever Web-properties and services are interested in bolstering their security. If what is known now about the attack remains true, namely that it had no impact on OpenSSL’s code repositories, then it seems that the attack was little more than a site defacement.
“The source repositories have been checked and they were not affected” OpenSSL wrote. “Other than the modification to the index.html page (which was restored a few minutes after we became aware of the attack) no changes to the website had been made.”
OpenSSL is promising to release more details about the hack once they complete their investigation. We will update this story with any details as they become available.