Security experts at ESET Ireland have been following some big news headlines recently, about the Irish Freedom of Information website and Dublin Rape Crisis centre website “hacked” by ISIS, but have serious doubts this has anything to do with the terrorist group.
This week we saw media reporting the Freedom of Information website was hacked by a pro-Palestinian group, suggesting that attack might be somehow related to the attack a while back on the Dublin Rape Crisis centre website which mentioned ISIS in the defacement message.
Well, first of all, proper hacking and website defacement, also known as “electronic graffiti”, are two different things. Hacking into some organisation’s database and stealing their data is a feat that requires a lot more skill than just defacing a website and posting “Hacked by HolaKo” and “We are the best of the rest. Free Palestine #SaveGaza” as was the case with the Freedom of Information website.
Secondly, most of these recent defacements happened to organisations that were hosted on WordPress (apart from the ones in Ireland also The Sequoia Park Zoo in California, the MERS Goodwill charity in St Louis and the Moerlein Lager House in Cincinnati, USA), which could indicate a security flaw in the WordPress server itself, attracting the unwanted attention of hackers.
And thirdly, all sorts of websites have already been targets of “electronic graffiti”, from religious sites to governmental ones. And while a media headline “FBI hacked” may sound impressive, the organisation’s actual servers and databases are usually left intact. Commonly assumed these attacks come from any group opposed to that particular website’s agenda, it can just as easily be the work of provocateurs or ambitious young hackers trying to gain some notoriety and attracting media attention by using known names such as ISIS or Anonymous. Even though the FBI is investigating such attacks, there is no real indication of any connection between these defacements and the known terrorist group.