Ohio Government Website Attack An Example Of 'Hacktivism'
Online vandals yesterday defaced 11 state government websites with messages purporting to be supportive of the so-called Islamic State group.
State officials have since restored the sites, and federal officials are investigating.
I spoke earlier about this kind of attack with Eric Vanderburg. He's head of Information Systems and Security at Cleveland-based cybersecurity firm JurInnov.
He says the website attack did not seem very complex:
VANDERBURG: “There’s the term ‘script kiddie’ which is used for a person who has very rudimentary knowledge of hacking. They basically know where to find the tools, and then they utilize those tools against a wide range of devices, just hoping that the tools alone will get them in, and then they’ll do something basic to it. Real ‘hacking’ you could say is much more complex, it can involve sometimes even years of effort trying to get into a company or into a government organization.”
GANZER: “What happens next, how do you prevent this from happening, and what are some of the state experts probably looking for?”
VANDERBURG: “Many of these sites will run off of some software like Wordpress, or Joomla, or Drupal, something like that. First you have to keep those websites up-to-date, not only that software but the underlying operating system. But also you should be doing vulnerability scanning on your machines. We may find that you still have default credentials from when that software was deployed, well you can apply patches all-day, all-night, and that’s not going to fix that problem, but that’s going to be discovered in a vulnerability scan.”
GANZER: “In the grand scheme of things how big a deal was this vandalism is your opinion?”
VANDERBURG: “Well as we said the technical skill level was already very low, so people often times write this off and say this isn’t really a big deal. However we do need to remember that these ‘hacktivists’ if you want to call them that, are trying to promote a cause and to rally people to their message, and each one of these defacements allows them to show ‘hey we did something.’ Even if that’s something small it builds that message and may rally others who already were believing in that to maybe do even more.”