Website defacing – a new trend in hacking?

The recent hacking of a prominent UAE newspaper's website by a nationalist group has triggered off debates on the source and reason behind this attack.

Whilst no details have been made publicly available regarding this defacement; it was at most an unfortunate, opportunistic attack perpetrated by a hacking group who tends to favour mass defacements of websites as their Modus Operandi.

The hacking group in question is likely to choose web servers based on a particular server operating system, as seen in over 95% of all their previous exploits dating back to 2006. ‘Mass defacers' usually target blocks of Internet addresses to find vulnerable systems and then proceed to exploit the vulnerabilities, in this case with defacements. Such attackers are purely opportunistic, and tend to target operating systems or web servers that they are technically well-versed with or use attack tools to assist them in their exploits.

Whilst this hacker group defaced four websites in the UAE around the same time, it is interesting to note that there have been over 30 publicly known defacements of websites in the UAE since the start of the year. Such attacks against organisations anywhere in the world - regardless of whether they are painted under the veil of hacktivism, extortion or political activism - are, at the end of the day, just cyber crimes perpetrated by cyber criminals. Globally, organisations can do little to control or mitigate an attacker's motivations; in depth security assessments, testing and sound security practices, and an increased 24x7 security vigilance are the essential prerequisites to thwarting these and other similar attacks in future.

Although there is a lot of speculation on various forums, etc about this incident; people should not read more into this incident other than it was simply an opportunistic attack. It in no way indicates state sponsored cyber attacks of any kind, and more interestingly the vast majority of this hacker group's previous website defacements targeted countries as far and wide as Brazil, Norway, China, the US and other countries all with defacement messages stating their affection for Iran and Azerbaijan. The global need for improved, more stringent web application security design, and effective patch management are vital to the continued uninterrupted delivery of services by Internet-facing organisations in the era of Web 2.0 and the ever evolving risks that organisations will continue to face.

Ivor Rankin is Senior Technical Security Practice Manager, Symantec Global Security Services