During the attack, users saw a web page with the sentence "The Secret Service is watching. -Agent Leth and Clown Jeet 3k Inc". According to a statement by Hushmail, hackers altered Domain Name Services (DNS) server records so that users entering Hushmail's web address in their browser were no longer directed to the real website. Users of the service were not asked to enter account details and the extent of attack appears to be only a few lost emails.
"There was no unauthorized access to any of the Hush servers. Data managed by Hush was not compromised. During this period, email sent to hushmail.com may not have been delivered," said Hush Communications said in a statement on its website.
It warned users to be careful and make sure they are on a secure web page before entering details such as pass phrases. "If your browser displays any error messages about the "certificate" that verifies the website, do not continue," it added.
As reported in SC Magazine earlier this month, researchers at the SANS Internet Storm Center warned about DNS cache poisoning attacks that redirected users to malicious web sites.