It has been reported that hackers have managed to access hundreds of websites across the US to post pro-ISIS messages, including images of Saddam Hussein and a recruitment video.
The hacking group that goes by the name of “Team System Dz” claimed responsibility for the hack, which that took place around 4am EST on Monday (6 November).
SchoolDesk, the Atlanta, Georgia-based web hosting company servicing these sites, has confirmed the attack.
SchoolDesk said it “immediately responded” and took all affected sites offline “until the situation could be fully researched.”
“Our technical staff discovered that a small file had been injected into the root of one of the SchoolDesk websites, redirecting approximately 800 school and district websites to an iFramed YouTube page containing an audible Arabic message, unknown writing and a picture of Saddam Hussein,” SchoolDesk said in a statement.
“Although the exact method and point of intrusion is not yet fully known (possibly an SQL injection or through a user account with a weak password), we have added multiple layers of redundant protection to prevent this from happening again, as well as taking many additional methods to research how this was accomplished and by whom.”
The compromised sites featured a black background with a photo of former Iraqi leader Saddam Hussein, along with the Arabic message seen on the Isis flag that reads: “There is no god but Allah” and “Mohammed is the Messenger of God.”
Commenting on this news, Mark James, Security Specialist at ESET, said “Interlinked systems and network’s spanning across many areas have the greatest potential for widespread attack – after all, if you are able to target a less secure area or compromise a low level user that has more access than they should, your avenue for attack is a lot easier than going straight through the usually well protected front door.”
>See also: Nation State hacking: a long history?
“In this case, gaining access to change or plant a rogue file that redirects users to areas of your design is about as simple as it gets- small footprint, no potential warning signs and out before anyone notices; but the results are as bad as they get- often the term “hack” gives an impression of hard work, expertise and long hours in front of a keyboard trying to gain access to complex systems using everything you have, but this is not always the case.”
“Sometimes it’s the simple approach that causes the same effect; without knowing exactly how the entry was gained it’s hard to give the right advice but as always ensuring complex passwords or Two-Factor authentication is used to protect any accounts that have access to core areas of your websites or systems, and ensuring the latest patches are applied on top of using the latest most up-to-date operating systems- and of course , last but not least, a good regular updating multi layered internet security product installed on all endpoints and servers.”
The Women in IT Awards is the technology world’s most prominent and influential diversity program. On 22 March 2018, the event will come to the US for the first time, taking place in one of the world’s most prominent business cities: New York. Nominations are now open for the Women in IT USA Awards 2018. Click here to nominate