
LICADHO Clarifies Hacking Attack Report

Published on 17 May 2018
The malicious code begins with “eval(”

Last week, LICADHO staff discovered a strange phenomenon when trying to access the Phnom Penh Post website. When users visited the site, malicious code impersonating Google (misspelled “Gooogle”) attempted to trick them into granting an unknown third party called GTransfers full access to their Gmail inboxes.

LICADHO analysed the code, which was hidden within a legitimate script file (theme.js) hosted on the Phnom Penh Post website, and forwarded its findings to partners in the region. The tampering with the website was independently confirmed by cyber security experts - including industry leader FireEye - in an ABC article.

Screenshot of the malicious overlay, as seen on the Phnom Penh Post site, claiming to be Google.

The presence of the sophisticated code on the Phnom Penh Post website – which was removed within the last 24 hours – can be independently verified through a US-based website called the Wayback Machine, which allows users to see archived versions of websites over time.

As seen on this daily archive for the month of May, starting 8 May, a malicious line of code was present in the script file. The line disappeared on 15 May and LICADHO is no longer targeted by the above-described attack.

Dates are all in universal time, which is used by the Wayback Machine.
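
The archive check described above can be scripted. This is an added example, not LICADHO's code: it takes dated captures of a script file, hashes each one, lists lines that are new since the previous capture, and reports when a line beginning with eval( first appears and when it is gone. The snapshot contents, the function names and the 7, 11 and 14 May entries are constructed placeholders.

```python
import hashlib

# Constructed placeholder contents; not the real theme.js or the real injected line.
CLEAN = "function initTheme() {}\nfunction initMenu() {}\n"
TAMPERED = ("function initTheme() {}\n"
            "eval(PLACEHOLDER_OBFUSCATED_STRING);\n"
            "function initMenu() {}\n")

# Capture date (UTC, as the archive reports it) -> archived text of the script.
SNAPSHOTS = {
    "2018-05-07": CLEAN,
    "2018-05-08": TAMPERED,
    "2018-05-11": TAMPERED,
    "2018-05-14": TAMPERED,
    "2018-05-15": CLEAN,
}

def eval_lines(text):
    """Lines that begin with 'eval(' once leading whitespace is ignored."""
    return [ln.strip() for ln in text.splitlines() if ln.strip().startswith("eval(")]

def timeline(snapshots):
    """One record per capture: hash, lines new since the previous capture, eval( lines."""
    records, previous = [], None
    for date in sorted(snapshots):  # ISO dates sort chronologically
        text = snapshots[date]
        lines = set(text.splitlines())
        added = sorted(lines - previous) if previous is not None else []
        records.append({
            "date": date,
            "sha256": hashlib.sha256(text.encode()).hexdigest(),
            "added": added,
            "flagged": eval_lines(text),
        })
        previous = lines
    return records

def exposure_window(snapshots):
    """(first capture with a flagged line, first later capture without one)."""
    first_seen = first_clean = None
    for rec in timeline(snapshots):
        if rec["flagged"] and first_seen is None:
            first_seen = rec["date"]
        elif not rec["flagged"] and first_seen is not None and first_clean is None:
            first_clean = rec["date"]
    return first_seen, first_clean

if __name__ == "__main__":
    for rec in timeline(SNAPSHOTS):
        state = "FLAGGED" if rec["flagged"] else "clean"
        print(rec["date"], rec["sha256"][:12], state, rec["added"])
    print(exposure_window(SNAPSHOTS))
```

A line starting with eval( is only a lead, since legitimate scripts can use it too; the "added" list and the change in hash are what show that the file itself was altered between captures.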
