Website defacement is increasingly becoming a staple in the toolkit of activists looking to bring attention to their causes online, according to a report from cybersecurity company Trend Micro.
This sort of hacktivism has experts worried that the types of hackers behind these seemingly benign attacks will eventually turn to more threatening cybercrime.
Website defacement is a form of protest by which hackers take over a domain and replace the usual website with propaganda promoting a particular cause. It’s a protest sign that blocks access to a website that the hackers in most cases see as an enemy to their cause. The Trend Micro report highlights seven geopolitical events and conflicts that have been a major motivator for defacement incidents. They include:
- Israeli military operations and land occupations in Palestinian territories
- French magazine Charlie Hebdo publishing a controversial cartoon depicting the Muslim prophet Muhammad in 2o15
- border disputes between India and Pakistan
- Syrian airstrikes targeting residential areas in the country’s ongoing civil conflict
- the disputed status of Kosovo
- disputed islands in the South China Sea
Pakistani hackers surfaced as a major player among the 13 million website defacement incidents studied by Trend Micro from the past two decades. Of note, Trend Micro found that the “Free Kashmir” campaign had more website defacements than any other campaign studied. The campaign has been led since 2011 by hacking groups known as ZCompany Hacking Crew and Muslim Liberation Army. The hackers take over Indian websites and messages protesting human rights violations and persecution of Kashmiris along the disputed India-Pakistan border region.
The findings might suggest that Pakistan is emerging as a more prominent actor in cyberspace in general. A report released last week by bug bounty company HackerOne highlighted the country as one of the top recipients of payouts from bug bounty programs globally. Researchers from Pakistan received a total of $647,339 through HackerOne in 2017. Pakistan also has the fourth largest number of HackerOne participants, behind the United States, India and Russia.
While Trend Micro says hackers involved in website defacement are seemingly content with just visually taking over a website, the report predicts that their tactics could shift to a more harmful nature. Hackers could try to monetize their defacement activities using ransomware, for example.
“[T]he delineation between pure web defacement and cybercriminal or cyberespionage activity is disappearing. Hackers are now increasingly involved in developing web shells (backdoors to maintain access to compromised web servers), and also delving into doxing and leaking stolen data. After defacing websites, the next step would seem to be capitalizing on the available information on compromised sites,” the report reads.