The website of Keighley Cougars Rugby League team has become the latest victim in a string of politicised pro-Islamic State hacking incidents.
The rugby club’s homepage was defaced with the messages “I love you Isis” and “Hacked by Team System DZ”, along with claims that the “State of Islam” is expanding. Images and music were also posted.
Team System DZ are a group of so-called ‘hacktivists’ - hackers who deface websites for idealistic or political reasons. They have recently targeted a number of seemingly obscure sites: a Florida synagogue, a seafood restaurant in the same state, New Brunswick University’s Student Union, and pro-Israel rapper Kosha Dillz.
Who’s next?
This disparate list begs the question, ‘Who’s next?’ And why focus on apparently small targets?
As one might expect, religious organisations and government agencies are regular targets of hacktivists. More surprisingly, though, it seems that any website, no matter the size, is a potential target for both hacktivists and self-styled ‘virtual graffiti artists’ – hackers with no political or religious motivation who choose to leave their ‘art’ on other people’s websites.
Fact is, any political hacktivist referring to Isis is likely to get plenty of bang for their buck right now, no matter how small the website following is: Isis is big news – any stunts give hackers their much sought-after publicity and give the media their much sought-after readership.
Hackers who indulge in website defacement are not just doing it for political or religious reasons. Often they do it just for the thrill of it; some of them publish their successful cracks on a league table and – kid you not – there are prizes up for grabs for the greatest number of hacks.
Their field of play covers low profile websites as well as big businesses which they know will have installed tighter security measures - these being more of a challenge i.e. more fun than the uncomplicated missions at the other end of the scale.
With over 30,000 websites being hacked each day, it would appear, then, that hackers like a varied diet of both quantity and quality, and any website is game.
Pitch invasion
Surely the last thing the Keighley Cougars expected was a pitch invasion by hackers, and the publicity they’ve received can’t be the kind a rugby team would want. But they’ll recover, and the incident will dwindle to nothing but an anecdote shared over a pint in years to come.
But it’s a different matter altogether when a company website is hacked and defaced: customers become unsettled to the point of hostility and withdrawal of custom; they expect better security measures from the business community than they do from their local sports club, synagogue or fish-and-chip shop.
Protect your website
Gaining unauthorised access to a website can be very straightforward, requiring little effort or guesswork on the part of hackers. They use automated programs (‘bots’) to search for weak entry points on websites. And they keep scoring: just a few months ago, 50,000 WordPress websites were hacked after just one hole in a plugin was exploited.
No matter which website development software you use, there are some essential defensive measures you can take to protect your site:
- Set any updates to be applied automatically, to avoid missing any critical patches.
- Create more than one admin user login, so that hackers can’t lock you out.
- Do regular backups, so you can recover your website content more quickly.
- Limit the number of login attempts by any one person, to prevent a brute-force attack.
- Use strong passwords of 15 or more characters. Test them on a strength meter.
Of course, the invasion of your website may never happen…but only if you’ve taken the right steps!