Marca 3
Website Defacement
When a person thinks about vandalism they think of destruction or defacement of public or private property. A person that graffiti’s a wall or some form of public or private property is a form of vandalism. Vandalism costs businesses a lot of money and time and it’s no laughing matter. But what makes vandalizing different from defacing a website online? Aren’t they the same? Well, in this paper I will discuss website defacement, what it is, how and why it happens and what can be done to try to stop website defacement.
Website defacement is defacing of a website either by replacing the home page with a self-satisfied congratulation notice of defacement or simply by just removing or adding information to the existing homepage. One website defines it as, “when an intruder compromises a web server and changes the data on that page” (AntiOnline, par 1). How ever one defines website defacement one thing is visibly clear, it is not welcomed with open arms by any business or non-business website online.
Website defacement was never a big concern when the internet first started, but as the internet started to grow and security was less focused on and less secure, it started to multiple. During the first few years of the internets existence, website defacement would only occur occasional, but now they occur frequently everyday. An article written by Jim Wagner on October 22, 2002 stated that:
In the past two weeks, Zone-H.org proprietor Roberto Preatoni said defacements have increased to more than 500 separate attacks a day and more than 1,500 over weekends. A year ago, he said, his site got around 30 to 50 defacement notices a day from hackers. (Wagner, par 2)
There are different types of motives as to why a hacker would deface a website. Some of the hackers’ motives come from either of the following categories: financial, technical, political or social reasons. The hacker who does it for financial reasons does it because of individual gain. “Corporate espionage, financial institutions, and even people who are pirating (or cracking) software for profit, fit into this category” (AntiOnline, par 13). This type of hacker doesn’t want to be known or discovered. A hacker doing it for technical reasons is very rarely seen. This type of hacker feels like they are hacking in order to assist. In their minds they feel like they are helping progress the evolution of technology. “They feel that by breaking into systems, and showing their weaknesses, they're able to "force" the industry (or a particular organization, such as the US Military) into fixing problems” (AntiOnline, par 8). Someone doing it for political reasons either has strong political beliefs or is facing strong political hardships. They break into systems in order to get their opinions heard. Finally, the most common type of hacker is one who defaces a website for social reasons. They are sometimes known as having a gang state of mind. “They hack to try to gain peer acceptance, a feeling of self superiority, or a feeling of control” (AntiOnline, par 6).
There is hardly ever a financial or commercial purpose for website defacement and cyber graffiti, which is another word used for website defacement (etest associate, par 1). And since there is no money or commercial purpose involved, this inevitably means that all websites are targets for these types of attacks. Attacks to websites are on the increase, as mentioned before, and it is quickly becoming a new alternative hobby for a whiz-kid hacker-elite (etest associates, par 1).
By a hacker simply looking and browsing for security holes in the web server technology, they find new or frequent holes which allow them to gain access and change the content on the website (etest associates, par1). A hacker could essential put up anything they want to, be it some sort of logo, political propaganda or maybe something simply offensive like pornography or violent images. This would in fact devastate businesses costing them thousands of dollars and scaring away many of their customers by the hundreds or thousands, or even more. It is also very embarrassing when it happens as it tells people that visit your website that a hacker was there by reading their messages, but also that your security was weak and ineffective as well (Hacker Notes, par 6). An example of this would be if:
Your site accepts credit cards or requests personal data from visitors. The fact that it was defaced can easily scare away hundreds, thousands or even more customers, simply out of fear that their credit and other personal information is now at risk. (Hacker Notes, par 1)
Website defacement is frequent and it occurs a great deal more than webmasters or administrators would like to admit (Hacker Notes, par 8).
One of the most common issues with the web server, which is how hackers get in to deface websites, has nothing to do with un-patched software viruses or misconfigured options, but it has merely to do with assets that are improperly protected (Hacker Notes, par 1). Web servers are such massive and complex programs with so many different options that it is no wonder some assets are left unnoticed accidentally at times:
Not only does the server have its own set of things to be concerned about, but individual websites, user accounts, directories (folders) and even web pages can have their own settings, privileges and protections. (Hacker Notes, par 2)
Can you picture someone trying to maintain all of those thousands of pages on a website, with hundreds of authors, webmasters, each having their own configuration settings in order for them to work properly? (Hacker Notes, par 2).
When working with web servers, sometimes it is mostly just the case of settings that have not been done or configured correctly. One of the most probable reasons of website defacement is due to the fact of incorrect protection of website pages, folders and applications. Incorrect protection seems to be more common than correct protection and incorrect website configuration seems to also frequently happen far more than most people would like to imagine (Hacker Notes, par 3). This also seems to be true for most web server platforms, including Apache and Microsoft’s IIS, who are the major companies when it comes to web server platforms (Hacker Note, par 3). What does this all mean? What this all means is that there is a “fertile ground for hackers, crackers and others to find holes in the security of web sites” (Hacker Notes, par 4). The flaws allow a web site to be modified in such a way that it does something which its designers did not intend for it to do.
How does website defacement occur? First the intruder or hacker uses some means of getting into the server. The hacker could either overflow a buffer or insert some malicious code which runs at a high privilege to give him access, or he or she could merely just break into a poorly secured application written in some form of language. The hacker could also simply just guess or steal a password to an administrator or highly privileged account (Hacker Notes, par 9). Once a hacker gains access to a web server he can practically do anything. Then the hacker could simply just inspect the system or steal or destroy databases. Once the hacker does what he intends on doing he may leave a message. This part is the easiest as they can simply just edit the page by adding some graphics or text which communicates the appropriate message (Hacker Notes, par 11).
What can a website do to try to prevent itself from being defaced? “If you own or operate a dedicated server then follow the security recommendations of CERT, the NSA and your vendor” (Hacker Notes, par 12). You must stay in contact with diverse security newsgroups, newsletters, and any other form of information so that you know what types of vulnerabilities are present. People should at all times have their systems up-to-patch, audit their applications and file security on a normal basis. You should also constantly guard your web server with a good quality firewall and follow first-class protection practices on your network (Hacker Notes, par 13).
In conclusion, website defacement is wrong and should not be done for any reason at all, be it a political, social, technical or financial reason. Website defacement causes businesses money and looses them customers. It is also growing more and more every year as the internet gets bigger and bigger. Lack of security and misconfigurations are the main causes of website defacement. Website defacement can only be stopped with better security and good configuration.
Works Cited
AntiOnline:Maximum Security for a connected world. 03 Nov. 2003 < http://www.antionline.com/fight-back/What_Is_A_Website_Defacement_And_What_Does_It_Look_Like.php>.
etest associates-Website Defacement and Security Testing. etest associates (UK) ltd. 03 Nov. 2003 <http://www.etest-associates.com/pressroom/pr_website_defacement_artcl.htm>
Hacker Notes-Web Site Defacement. 03 Nov. 2003 <http://www.leave-me-alone.com/hackers_defacement.htm>.
Wagner, James. Web Vandalism on the Rise. 22 Oct 2002. 03 Nov. 2003 <http://www.internetnews.com/dev-news/article.php/1485601>.