The eBanksy revolution

The revolution will not be televised, it will be online. The eBanksy movement is rising and businesses need to be ready.

Regardless of your opinions on the morals of virtual vandalism, the actions mirrored on Zone-H.org are illegal in most countries, as the site itself has acknowledged.

In fact, the posting service has said before one of its main purposes is to highlight trends rather than act simply as a forum for defacers, refuting claims it is at the heart of the problem.

Interestingly, Mikko Hypponen, chief research officer at F-Secure, recently informed me one of the service's founders Roberto Preatoni had been arrested before. According to various reports, he was accused of being involved in a spying scandal while working for Telecom Italia.

And yet Preatoni has been a big shot in the security sphere for some time and, having been a mainstay at various legitimate conferences in the past, it appears he has been something of a boon to the security industry as a whole. Make of that what you will.

So, the defacement scene is evidently one where moral values are blurred. Nevertheless, in legal terms it is wrong and anyone involved in it risks being snared by the law.

How to hack

A quick note on how the graffiti artists' are actually going about the work.

The main problem, as many of the defacements themselves note, is a site's security, or problems at a host's end where the website is held. Indeed, mass defacements, which are also celebrated as a mark of achievement, are the result of a hacker gaining access to a hosting company's servers.

One of Zone-H.org's administrators going by the name of Marcelo Almeida recently explained in a website post that poor security was to thank for the boom in defacements.

"Most of the vulnerabilities exploited are on web applications," Almeida said.

"But not only web applications are guilty, as poor local system security on various web hostings usually allow crackers to get full access to the servers."

Worms and viruses have also been used in the past to gain access credentials and exploit hosts. Sometimes hackers will not just leave their mark, they'll steal data as well.

As noted by Almeida, the methods have largely remained the same since Zone-H.org was launched in 2002, and yet thousands of sites are exploited every week.

"It comes down to patching or poor administration in the web server," Jason Hart, CRYPTOCard senior vice president in Europe and ethical hacker, told IT PRO.

Hart has seen a number of big name organisations hit by eBanksy attacks in the past, from the White House to certain Renault car dealerships. Back in 2006 there were reports of Apple's Korean site being defaced, so this clearly is not something only affecting small timers.

Put simply, organisations of all sizes need to wake up and secure their sites.

"They need to ensure their websites are patched and that they have all the correct security controls in place, with all the latest patches," Hart added.

"They need to constantly monitor their websites. If they are getting a third-party to host their website they need to ensure that the third-party can prove they have adequate security controls in place."

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Most Popular

Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020
What is Neuralink?
Technology

What is Neuralink?

24 Oct 2020
Hackers demand ransom from therapy patients after clinic data breach
Security

Hackers demand ransom from therapy patients after clinic data breach

27 Oct 2020