The eBanksy revolution

The revolution will not be televised, it will be online. The eBanksy movement is rising and businesses need to be ready.

Regardless of your opinions on the morals of virtual vandalism, the actions mirrored on Zone-H.org are illegal in most countries, as the site itself has acknowledged.

In fact, the posting service has said before one of its main purposes is to highlight trends rather than act simply as a forum for defacers, refuting claims it is at the heart of the problem.

Interestingly, Mikko Hypponen, chief research officer at F-Secure, recently informed me one of the service's founders Roberto Preatoni had been arrested before. According to various reports, he was accused of being involved in a spying scandal while working for Telecom Italia.

And yet Preatoni has been a big shot in the security sphere for some time and, having been a mainstay at various legitimate conferences in the past, it appears he has been something of a boon to the security industry as a whole. Make of that what you will.

So, the defacement scene is evidently one where moral values are blurred. Nevertheless, in legal terms it is wrong and anyone involved in it risks being snared by the law.

How to hack

A quick note on how the graffiti artists' are actually going about the work.

The main problem, as many of the defacements themselves note, is a site's security, or problems at a host's end where the website is held. Indeed, mass defacements, which are also celebrated as a mark of achievement, are the result of a hacker gaining access to a hosting company's servers.

One of Zone-H.org's administrators going by the name of Marcelo Almeida recently explained in a website post that poor security was to thank for the boom in defacements.

"Most of the vulnerabilities exploited are on web applications," Almeida said.

"But not only web applications are guilty, as poor local system security on various web hostings usually allow crackers to get full access to the servers."

Worms and viruses have also been used in the past to gain access credentials and exploit hosts. Sometimes hackers will not just leave their mark, they'll steal data as well.

As noted by Almeida, the methods have largely remained the same since Zone-H.org was launched in 2002, and yet thousands of sites are exploited every week.

"It comes down to patching or poor administration in the web server," Jason Hart, CRYPTOCard senior vice president in Europe and ethical hacker, told IT PRO.

Hart has seen a number of big name organisations hit by eBanksy attacks in the past, from the White House to certain Renault car dealerships. Back in 2006 there were reports of Apple's Korean site being defaced, so this clearly is not something only affecting small timers.

Put simply, organisations of all sizes need to wake up and secure their sites.

"They need to ensure their websites are patched and that they have all the correct security controls in place, with all the latest patches," Hart added.

"They need to constantly monitor their websites. If they are getting a third-party to host their website they need to ensure that the third-party can prove they have adequate security controls in place."

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Most Popular

School laptops sent by government arrive loaded with malware
malware

School laptops sent by government arrive loaded with malware

21 Jan 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is the Raspberry Pi Pico?
Hardware

What is the Raspberry Pi Pico?

21 Jan 2021