By Ayodele Pompey, Internet Consultant
Sometime over the last weekend, the official website of the government of St. Vincent and the Grenadines was hacked. Hackers infiltrated the website and replaced the home page with their own webpage suggesting that the website was hacked by ISIS. News of the hack has spread quickly throughout social media and via news websites across the region.
- Islamic State hacks St. Vincent government website
Understandably, there is a bit of panic as persons are not sure what is affected and how this breach of “national security” will affect the country or their own systems. Questions like the following are being asked:
- Why is ISIS targeting St. Vincent and the Grenadines?
- Is it really ISIS? or was it orchestrated by the opposition?
- What is affected?
- Who should we blame?
- Is it safe to visit the website again?
- What are the repercussions?
- Could this have been avoided?
- Does the site have malware?
- Will it affect my computer?
Why is ISIS targeting St. Vincent and the Grenadines?
It is very highly unlikely that ISIS targeted St. Vincent and the Grenadines (you can wipe the sweat from your forehead). The hacker is most likely what we call a script kiddie. These are young upcoming hackers who just hack for fun and fame. They use automated crawlers to identify websites on the internet with known weaknesses. Once a website is found, they proceed to hack the website and leave a page so that their hacker friends will know it was their hack by leaving their hacker handle — Moroccanwolf in this case. The more websites they hack the higher they rank in their hacker community.
Is it really ISIS? or was it orchestrated by the opposition?
Maybe it is not ISIS but it is a hacker who supports ISIS. No, it isn’t the opposition. You can safely forget that argument.
What is affected?
It is unclear what is affected. However, these type of hacks are generally limited to the web server file system and/or the website database. In these cases, the hacker replaced files on the server or through some known vulnerability altered information in the website database.
Who should we blame?
Well, our first instinct is to blame the persons responsible for maintaining the website but it may not be that straightforward. Gov.vc was initially built using Joomla 1.5. Joomla is now at version 3.4.1. Maintaining the website not only means updating Joomla but also updating all the modules, components, plugins and custom code that may not work post updating. To be fair, Gov.vc is a big website and updating is a tedious process that require manpower and resources to keep up to date. Maybe it wasn’t seen as priority. Maybe the resources were not available. Who knows? I should hasten to add though, even if the software is up to date, it can be hacked. However, from my observation, it wasn’t up to date.
Is it safe to visit the website again?
Firstly, everyone should have an up-to-date anti-virus, anti-spyware, anti-everything installed on your computer. The internet is not safe.
At the time of writing, the website is down. I imagine the website is being restored to an earlier backup. This backup would need to be scanned for malware. The site should then be updated to the latest version, checked for compatibility, update information that may have been lost and a vulnerability audit conducted on the website and server before going live again. The site would be safe again to visit.
What are the repercussions?
Well, besides losing credibility and the confidence of hundreds of thousands of users, if not dealt with immediately it could be blacklisted by search engines and other websites.
Could this have been avoided?
There are website maintenance best practices that drastically reduce the possibility of something like this happening. However, no system in the world is totally immune to hacks. In information security, we say residual risk is never zero. The largest websites and networks in the world are hacked. Gov.vc should consider having a dark site for crisis response though. The website should not be totally offline.
Does the site have malware?
It probably does.
Will it affect my computer?
If the site has malware, it can harm your computer. However, as stated above, you really should have protection on your computer. Most browsers would alert you as well if a website is infected with malware.
Even though this is obviously a very serious incident, there is no real reason for the general public to panic. Practice general internet safety and you should be alright.
(First published on LinkedIn. Republished with permission.)