December 30, 2008
• Israeli sites defaced; U.S. sites also targeted
• Tips to secure your site
BIRMINGHAM, Ala. -- This past weekend more than 300 Israeli Web sites were defaced in a period of 48 hours, said Gary Warner, Director of Research in Computer Forensics at the University of Alabama at Birmingham (UAB).
In a Web site "defacement" a hacker violates the security of a Web server and replaces the original content with his own message. Unlike phishing sites that attempt to defraud, the current round of defacements is strictly propaganda.
"As soon as Israel started bombing Gaza we began to look for signs of a cyber response," Warner said. "And we found it in the form of more than 300 Israeli Web sites that have been defaced with anti-Israeli and anti-U.S. messages.
"In the current situation, the hackers supporting Gaza clearly believe Israel and the U.S. are culpable," Warner said. "That means American Web masters may wish to be especially vigilant right now."
"We've seen this type of propaganda war before," Warner said. "The original cyber propaganda war was launched by Chinese hackers in May 2001 after the collision of a Chinese fighter jet with a U.S. Navy plane. Tens of thousands of U.S. Web sites were defaced by Chinese hackers blaming the U.S. for the incident."
More recently, Warner said, the technique has been adopted by radical Muslim hackers, beginning with the defacement of thousands of Danish and American Web sites in February 2006 after the publication of cartoons about the prophet Muhammad. Defacements were again reported against Israeli and U.S. Web sites after the bombardment of Lebanon by Israel in August of 2006.
PROTECT YOUR WEB SITE
Each Web master should decide on an appropriate level of security for his or her own site. A hobbyist Web site may be able to get by with less security than a corporate Web site or a site used for financial transactions. However, Warner said, any site hosted in the United States is at risk in the current scenario. Warner suggests the following to prevent a Web site from being used in the propaganda war.
- Review Web pages regularly for unauthorized changes.
- Search for products used on your Web site at the National Vulnerability Database to learn if they have known security holes.
- Use a strong password and change it regularly.
- Use a secure file transfer program to update your Website.
- Consider having your Web site professionally tested for weaknesses
NOTE: For more information, go to Warner's personal blog at http://garwarner.blogspot.com/2008/12/muslim-hackers-declare-cyberwar-on.html