This weekend more than 300 Israeli websites have been defaced in a period of 48 hours. In a website "defacement" a hacker violates the security of a web server and replaces the original content with his own message. In some defacements, the hacker places a fake banking website (called a phishing site). In others the hacker merely boasts about his prowess as a hacker, similar to a graffiti artist painting his name on the side of a train. The current round of defacements are instead part of a Propaganda War.
We've seen this type of Propaganda War before. The original cyber propaganda war was launched by Chinese hackers in May of 2001 after the collision of a Chinese fighter jet with a US Navy plane. Tens of thousands of US websites were defaced by Chinese hackers blaming the US for the incident. More recently the technique has been adopted by Muslim hackers, beginning with the defacement of thousands of Danish and American websites in February 2006 after the publication of cartoons about the prophet Muhammad, and against Israeli and US websites after the bombardment of Lebanon by Israel in August of 2006.
As soon as Israel started bombing Gaza we began to look for signs of a cyber response. And we've found it, in the form of more than 300 Israeli websites which have been defaced with anti-Israeli and anti-US messages.
One interesting aspect of a cyber propaganda war is that it doesn't matter what size the website is, or how important it is. It only matters WHERE the website is. "In the current situation, the hackers supporting Gaza clearly believe Israel AND the US are culpable. That means American webmasters may wish to be especially vigilant right now.
How do you prevent your webserver being used in the propaganda war?
Webmasters need to decide on a strategy. For many websites, its enough to have a daily review of your content to ensure that nothing has been changed. For more important websites, it would be worth investing in having your website professionally tested for weaknesses.
Some very common exploits can be avoided by applying security patches. If your website uses programs which you downloaded from a vendor, please be sure to check with that vendor's website regularly to determine if new versions are available. Many defacements occur when hackers scan for websites which are running vulnerable software, such as a common PHP program, image program, forum software, or other webmaster utilities, such as web statistics programs. One quick way to see if your software has a security vulnerability is to check the National Vulnerability Database, where you can search for the name of your product.
We have also seen many websites exploited recently because the password for the webmaster has been stolen. Just as with all passwords, its important to choose good passwords, and change them regularly. Its also important to use secure methods of uploading. "FTP" sends your userid and password in plain text when you upload your web pages. Using "Secure FTP", which is often packaged with SSH, will make sure your passwords are encrypted when uploading files to your website.
I originally posted images from the Propaganda War on this blog, but have been asked by more than a dozen individuals already, to remove them from my blog. While I don't condone censorship, I also don't want to shock anyone by seeing pictures of disfigured children and threats to destroy the United States.
Some of you WILL have a professional reason to need to see these images. If that is you, please email me, and I will provide you with a private weblink, not affiliated with any official source, only with me personally. Please email firstname.lastname@example.org - and please use the email Subject: Propaganda War, and include why you need to see these images.