The eBanksy revolution

Regardless of your opinions on the morals of virtual vandalism, the actions mirrored on Zone-H.org are illegal in most countries, as the site itself has acknowledged.

In fact, the posting service has said before one of its main purposes is to highlight trends rather than act simply as a forum for defacers, refuting claims it is at the heart of the problem.

Interestingly, Mikko Hypponen, chief research officer at F-Secure, recently informed me one of the service's founders Roberto Preatoni had been arrested before. According to various reports, he was accused of being involved in a spying scandal while working for Telecom Italia.

And yet Preatoni has been a big shot in the security sphere for some time and, having been a mainstay at various legitimate conferences in the past, it appears he has been something of a boon to the security industry as a whole. Make of that what you will.

So, the defacement scene is evidently one where moral values are blurred. Nevertheless, in legal terms it is wrong and anyone involved in it risks being snared by the law.

How to hack

A quick note on how the graffiti artists' are actually going about the work.

The main problem, as many of the defacements themselves note, is a site's security, or problems at a host's end where the website is held. Indeed, mass defacements, which are also celebrated as a mark of achievement, are the result of a hacker gaining access to a hosting company's servers.

One of Zone-H.org's administrators going by the name of Marcelo Almeida recently explained in a website post that poor security was to thank for the boom in defacements.

"Most of the vulnerabilities exploited are on web applications," Almeida said.

"But not only web applications are guilty, as poor local system security on various web hostings usually allow crackers to get full access to the servers."

Worms and viruses have also been used in the past to gain access credentials and exploit hosts. Sometimes hackers will not just leave their mark, they'll steal data as well.

As noted by Almeida, the methods have largely remained the same since Zone-H.org was launched in 2002, and yet thousands of sites are exploited every week.

"It comes down to patching or poor administration in the web server," Jason Hart, CRYPTOCard senior vice president in Europe and ethical hacker, told IT PRO.

Hart has seen a number of big name organisations hit by eBanksy attacks in the past, from the White House to certain Renault car dealerships. Back in 2006 there were reports of Apple's Korean site being defaced, so this clearly is not something only affecting small timers.

Put simply, organisations of all sizes need to wake up and secure their sites.

"They need to ensure their websites are patched and that they have all the correct security controls in place, with all the latest patches," Hart added.

"They need to constantly monitor their websites. If they are getting a third-party to host their website they need to ensure that the third-party can prove they have adequate security controls in place."

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.