We always focus on protecting data. The idea of phishing, social engineering, and cyber hacks such as DDoS (distributed denial of service) keeps companies on alert at all times for suspicious behavior. However, an even bigger threat to society is defacing websites. While identity theft is a serious crime, defacing a website can cause global panic within a few minutes.
One common focus for hackers is news outlets. These outlets have millions of subscribers, they are ranked well in search engines, and global societies rely on these sites for recent information. Defacing these sites with malicious rumors could cause issues after false information is spread.
An example of this type of threat is the recent Tribune hack. A former employee named Matthew Keys hacked into the Los Angeles Times website and defaced its articles. Matthew Keys was an employee for the media outlet and shared login credentials with the hacking group Anonymous. The group then logged into the site and changed some of its article content.
Although Keys didn’t do the actual defacement, he participated in the hack by giving Anonymous login credentials. He was then tried and convicted under the Computer Fraud and Abuse Act. He’s facing up to 25 years in prison. The jail time is steep for defacing a website, and it was the cause for Reddit programmer Aaron Swartz suicide.
Although the repercussions for hacking a website require years of jail time, it doesn’t stop hackers from targeting big sites to deface them. Usually, the defacement is to push a political agenda or fight governments. Hacktivists are known for this type of activity, so they can get their voice heard and statement’s seen across millions of visitors.
What’s concerning for security professionals is the massive amount of attention these sites get. What happens if a hacker gains access to the server and changes an article to indicate that an anthrax attack is underway. The information could be dangerous for society. The content would be shared on social media and spread like wildfire across the Internet. The result would be massive misinformation that could cause some radicals to take action. The effects could be devastating for the peace of society.
For this reason, site administrators should always be on alert for suspicious behavior. Social engineering is how the LA Times was hacked, and this type of activity is common with disgruntled workers. Always provide permissions to users that need them, and quickly revoke any permissions once the employee is terminated.
Always monitor changes to content. For instance, many content management systems let you set up writers who can only create content, but only editors can change it. Set up a pairing system where two employees offer checks and balances in case one of them goes rogue.
You can’t completely protect your system for disgruntled employees, but you can have the right security systems in place to ensure that they aren’t able to do too much damage should they decide to deface your website.
Leave a Comment