Watching the news recently, I was amazed to see that an online hack on Sowerby Primary School in Thirsk, North Yorkshire, had made the headlines. The hacker, who goes by the tag “X-saad”, had hijacked the school’s homepage and replaced it with a hate message directed at the United States and Israel.
But it wasn’t the hate messages that surprised me. What surprised me was that this story had made the news at all.
It’s not what I would personally class as a full hack – it’s what we’d call a website defacement. This is an entry-level hacker, who hasn’t gained any actual information from the school. There’s very little threat or real malice, despite the hate messages, and I think it’s almost certainly automated as well.
At Giraffe, we deal with and clean up this sort of thing on average once a month. It happens all the time. The problem usually stems from people using very common software for their website, which subsequently makes it an easy target.
In this case, it was WordPress. WordPress is a great tool – it’s user friendly, looks good and is free to set up. But there’s a downside. If you don’t keep the software up to date, you’re a target for hackers. Using WordPress leaves an online footprint that can be scanned for very easily. Once I see a website built on WordPress, my automatic reaction is to find out which version is being used.
If the version is outdated, hackers will know they can run a simple “exploit” and, just like that, the website is taken over. Once you’ve compromised one server you can use it to launch attacks and hide your identity. In this case, it just so happens that the hacker stumbled upon that website with the vulnerability he was looking for, and took advantage.
The school’s website was a domain that had recently expired and then been reactivated. I think this hacker had set up an automated “bot” that was scraping around for expired domains. The bot exploited the weakness and as soon as it did, sent an email out to the hacker reading “Master, there is another slave at this web address”. I did a quick scan and found many more sites that had been taken over in exactly the same way by the X-saad.
The news coverage suggested some parents were terrified, convinced extremists were going to target their children. This was never the case at all, and the police were right to confirm there was no risk to the children.
But it does show the importance of internet security. It may only be a few simple steps to prevent such things happening, but if hackers are opportunistic, and waiting for you to drop your guard.
In my next blog I’ll give you a few simple way to keep the hackers at bay.