ECPAT website hit by JavaScript injection attack

Child protection organisation may be victim of a wider attack

A New Zealand website dedicated to eliminating child prostitution, child pornography and the trafficking of children for sexual purposes has been compromised and found to be serving malicious JavaScript.

ECPAT NZ is an NGO set up three years ago in association with a campaign to highlight issues of tourism and child sexual exploitation.

Its tourism website has been mass-injected in an attempt to deliver malicious payloads from 20 different hosts.

Websense Security Labs ThreatSeeker Network discovered the infection. Websense says it is working closely with ECPAT to advise on the threats.

ECPAT national director Alan Bell says the site has been closed and he is awaiting a report from the administrator.

“We’ve been told by our host that this is possibly a larger issue we have been caught up in,” he says.

ECPAT’s home page has not been affected.

The tourism site allows people who have witnessed sexual abuse of children to report it for follow-up by the authorities.

ECPAT is part of a global network operating in 70 countries. The secretariat is in Bangkok.

Correction: This article originally said the ECPAT site was hosted by the ISP Watchdog. Watchdog says it supports the site, but does not host it.
