Understanding Motivations and Methods of Web Defacement [source: trendmicro]
by CIRT Team
Cybercrime takes on many forms, but one of the long-standing tactics attackers use is web defacement—the act of compromising and vandalizing a website. Typically, these attackers—known as web defacers—replace the original page with their own content, boldly stating a political or social message. This is not a new phenomenon, but it is an enduring one. We’ve analyzed data that goes back almost two decades, and we’ve seen how the process of web defacement is still being used nowadays.
While previous research focused on detecting these attacks, the reasons or motivations behind them were unexplored. Hacktivists represent part of the problem since they use web defacement to promote their specific agendas, but defacers can have many different motivations. This is what our research focused on—the events that trigger web defacements and the methods the defacers use. We examined over 13 million web defacement reports across different continents. And using machine learning, we gathered, analyzed, and clustered these reports to gain more insight into the patterns of these defacements.
The Causes of Web Defacements
It comes as no surprise that geopolitical conflicts often leak into the digital world. Our research showed that hacktivist web defacement is typically caused by a political event or active conflict. We identified different notable web defacement “campaigns” involving defacements that are not single instances but have both momentum and support from different defacers.
Most of the campaigns can be linked to intense political conflicts that go back decades. Sudden events trigger specific web defacements; the violent Charlie Hedbo attack and the attacks on the city of Aleppo prompted a surge of web defacements.
For more, click here.