In the past, when activists wanted to make a statement, they would spray graffiti on a wall or march outside an organisation’s building carrying placards.
The digital age has provided activists and vandals with a completely different set of tools that have proved to be just as, if not more, effective than the traditional methods of protest.

Trend Micro has released a report, “Digital Vandals”, which delves deep into the minds and methods of cyber vandals and hacktivists.

Geopolitical events have triggered these attacks, and one of the factors that comes into play with the attacks is the religious beliefs of the attackers.

“Trend Micro analysed the data to get a clear picture of what methods attackers are using and the reasons behind their attacks,” says Anvee Alderton, channel manager at Trend Micro, Sub-Saharan Africa. “We took into account metadata provided by some of the attackers themselves.

“In all, the data was gathered from 13-million defaced websites, from five independent data sources in order to build a comprehensive understanding of the perpetrators and their methods.”

Website defacing dates back to 1998, and the data gathered from the defacers has revealed more than 30 different methods of vandalising websites.

Defacers are different from other cyber criminals in that they are quite happy to leave their contact details on the pages that they have defaced. It would appear that these hackers were keen to advertise themselves along with their slogans or political statements.

“We’ve come to refer to co-ordinated defacement attacks as a campaign. The attacks are launched usually in reaction to certain events on the world stage, or to push a specific political movement or agenda as well as airing grievances publicly. The ‘Digital Vandals’ report highlights several of these attacks and discusses them in detail,” Alderton advises.

What has come to light is that defacing groups are loose affiliations and that members are often active in more than one group. The people involved in these groups are quite comfortable sharing toolkits, defacement templates and even target lists with each other. Because the goal is to make some sort of statement, sharing information and tools is commonplace.

“Some of these groups even set up forums and have discussions and tutorials on how to use various tools and exploits. We have discovered that most of these defacements are benign, however, the data on the servers that were compromised in the hack is vulnerable and sensitive. Digital defacement could provide a perfect opportunity for redirecting visitors to pages that may then install malware when downloaded,” Alderton explains.

Protection is imperative. Basic security such as strong passwords, the correct configurations, security policies and firewalls cannot be overlooked. Secure coding is also vital, along with patching systems and networks on a regular basis. Multi-layered protection is ideal to deter the defacers.

“Defacers are more than an annoyance. They can do reputational as well as financial damage to an organisation. Treat your company’s website as you would the actual walls and buildings of the organisation itself: make sure it has the best available security and protection,” Alderton adds.