Defacement on Government Sites
Government sites is a "delicious" target for defacer. No wonder, many defacements happened in government sites. This defacement by the defacer is motivated by certain motives. Some are related to political issues and some are even just for their fun. As proof of someone ability in attacking government sites in a terrorist manner.
If it is political, they tend to show messages that contain a certain opinion or resistance regarding a particular issue. The example is the defacement felt by UK National Health Services website in 2018 that was hacked by Anoahost - Typical Idiot Security. Its message is quite clear: to remind government site in enhancing the security things.
The one who does defacement just for their fun usually shows their identity with a certain "attack signature" or with a certain image. This is a bit proof of their existence. In 2012, users could not access Google Romania, and instead were redirected to "Algerian Hacker" own defacement screen posted by MCA-CRD.
Observing the frequency of defacement, the possibility of defacement is quite low. But, we shall not underestimate them. Because it may ruin our positive perception on the public service. When it happens, this defacement activity can certainly hinder the performance of an organization if it is not quickly repaired. Of course, our main services shall not be able to provide their functionality to our users.
Later on, we will discuss what is found on a defaced page.
Defacer has a special pattern in their "masterpiece". Let us breakdown it:
- The whole Page Changed, Usually, a page will be replaced with a "special page" created by the defacer. This will cause your web pages to malfunction. This makes your website experience "loss of identity" for a while. The targeted page usually is the homepage.
- The Attack Signature, the defacer usually shows their nickname combined with the words "hacked by, defaced by, etc.". If they want to carry a certain message, they usually also convey opinions that attack the site owner and/or things related to the site organization itself
- Images from another source, to support the message they want to convey, they usually also provide certain pictures to strengthen the message
SentryPage, a defacement monitoring tool, may help you in specific areas regarding the abovementioned defacement, as follows:
- SentryPage monitor your webpage from unusual activities like defacement
- SentryPage has an attack signature database to increase the probability of detecting defacement activity on your site
- SentryPage also tracks all forms of unidentified external resources (such as images that suddenly exist and do not come from on your site's server) as a form of detecting unusual activities.
In convincing you of the performance of SentryPage, you can try our service by taking a 30-day trial first.
No events available