
Web Defacement Examined

Author: Val Morales
The modern internet is no longer the text-based system for sharing files among universities that it was many years ago. Today’s internet carries all types of multimedia, graphics, animation and so forth. People can now host databases online, run blogs and forums, chat, and use many other forms of communication. As technology advances toward more potent and efficient means of transferring data and the internet becomes more elaborate, so do the hackers.

Everyday non-technical people now have to deal with constantly upgrading, patching, and employing anti-virus software in order to protect themselves from attacks and vulnerabilities. The issue I will be addressing has to do with website security, specifically website defacement. Website defacement might not get as much publicity as other forms of attack on the web, but that is not to say it is less prevalent. Here I will address three facets of web defacement: the vulnerabilities that allow a hacker inside your website, how the hacker defaces the website, and how to prevent website defacement.

An important and often overlooked aspect of web design is web security. Securing your website is an extremely important step in maintaining data integrity and availability of resources. Availability issues are raised alongside security issues because if the hacker fails to deface your site, he might then proceed to attack it with a DoS (Denial of Service) attack, thus rendering the site inaccessible.

Some of the vulnerabilities websites have are simple to patch or prevent. For example, when coding HTML, do not try to hide your passwords in the HTML code. Avoiding this sounds like a reasonable first step to protecting your website, but many web developers do it anyway out of laziness. Also, don’t try to hide anything within your comments or documentation that might reveal too much about your schema or the design of elements such as a database.

CSS, as in cross-site scripting, is another vulnerability in websites. The most common form of this style of attack occurs in message boards and forms. It essentially exploits improper validation of forms and message boards that fail to detect malicious code (Sharma, 2004).

Error handling can also cause unwanted consequences on a website. If a web application does not know how to handle certain errors, hackers can then exploit these errors to their advantage.

All of the above-mentioned vulnerabilities can be taken advantage of by hackers, but how? Hackers can gain access through a variety of methods. For the first vulnerability mentioned, passwords embedded in the site’s HTML code, the method for finding them is rather simple: hackers perform a tightly written query in a search engine such as Google, including the specific parameters they are looking for.

Hackers know that the search engine parses through the HTML of a website and in the process points them to potential victims. Search engine companies cannot do much about this, since restricting the parsing of HTML would also restrict the vast majority of the legitimate searching that goes on.
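Because anything left in the page source is indexed and searchable, it is worth checking pages for it before they are published. The following is an added example, not code from the original article: a small scanner for credentials and schema hints in comments, inline scripts and hidden form fields. The patterns and the sample page are constructed assumptions, and hidden fields go slightly beyond the cases the article names.

```python
import re
from html.parser import HTMLParser

# Heuristic patterns (assumptions for this example, not an exhaustive list).
SECRET_RE = re.compile(r"(?i)\b(pass(word|wd)?|pwd|secret|api[_-]?key)\b\s*[:=]\s*\S+")
SCHEMA_RE = re.compile(r"(?i)\b(select\s.+\sfrom|insert\s+into|create\s+table|jdbc:|mysql://)")

class LeakScanner(HTMLParser):
    """Flags comments, inline scripts and hidden fields that reveal secrets or schema."""
    def __init__(self):
        super().__init__()
        self.findings = []       # (line, kind, excerpt)
        self._in_script = False

    def _check(self, kind, text):
        for rx, label in ((SECRET_RE, "credential"), (SCHEMA_RE, "schema")):
            m = rx.search(text)
            if m:
                self.findings.append((self.getpos()[0], f"{label} in {kind}", m.group(0)[:40]))

    def handle_comment(self, data):
        self._check("comment", data)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self._in_script = (tag == "script")
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self._check("hidden field", f"{a.get('name')}={a.get('value')}")

    def handle_endtag(self, tag):
        # Inside <script> the parser only recognises </script>, so any end tag ends it.
        self._in_script = False

    def handle_data(self, data):
        if self._in_script:      # visible page text is deliberately not scanned
            self._check("inline script", data)

def scan_html(source):
    """Return a list of (line, kind, excerpt) findings for one HTML document."""
    scanner = LeakScanner()
    scanner.feed(source)
    scanner.close()
    return scanner.findings

# Constructed sample page.
SAMPLE = """<html><body>
<!-- TODO remove: admin password = hunter2 -->
<!-- users table: SELECT id, pw FROM users -->
<form><input type="hidden" name="pwd" value="s3cret"></form>
<script>var apiKey = "abc123";</script>
<p>Forgot your password? Contact support.</p></body></html>"""
```

Calling `scan_html(SAMPLE)` reports the two comments, the hidden field and the inline script, and ignores the ordinary "Forgot your password?" text.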

Cross-site scripting is a little bit harder for the hacker to perform. In this scenario the hacker writes a malicious script in any of the scripting languages, such as JavaScript, VBScript, and others. The hacker then goes to a site with a message board and, in the message board, puts a script as a link alongside a seemingly normal message. Users of the board might then click on it and be affected. Another form of this is done by pasting a script into a form field and causing certain errors, which then give the hacker a back door to get in by.

Web sites that handle errors incorrectly are also at risk. One form of hack is to cause errors which then give the hacker an opportunity to get inside and do what he wants to do such as web defacement. When a hacker finds a site that has inappropriate error handling, the hacker seizes the opportunity and causes continual errors until he finds a door in.

Web site defacement is usually regarded as internet graffiti. However, many times there is a political statement to be made. To make matters worse, hackers usually target sites that will get them the publicity they are seeking. For example, this site belonging to the Hong Kong official government was hacked by Chinese hackers making a political statement by embarrassing the prime minister and his wife. This is a perfect example of why web defacement should be paid attention to more closely and be protected against.

Figure 1 Hong Kong official government website.

To protect a website against such attacks there are various methods. First, do not write any code, passwords, or schemas within the HTML of your website that will give hackers searching for victims clues they can work with. Secondly, create proper and strict form validation; allowing too many value types can open a backdoor for the hacker. Lastly, be careful about the security of your message boards. Script kiddies are known to use widely available malware and code to get in through message boards.
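Strict form validation and safe message-board output can be combined as below. This is an added example, not code from the original article: each field is validated against an allowlist on input and HTML-encoded on output, so posted markup is displayed as text instead of running in readers' browsers. The field names, limits and sample values are assumptions.

```python
import html
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}              # assumed link policy
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")  # assumed username policy
MAX_BODY = 2000                                  # assumed length limit

def validate_post(username, body, link=None):
    """Return the names of the fields that fail validation (empty list = accepted)."""
    errors = []
    if not USERNAME_RE.fullmatch(username or ""):
        errors.append("username")
    if not body or len(body) > MAX_BODY:
        errors.append("body")
    if link is not None:
        try:
            parts = urlsplit(link.strip())
            ok = parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)
        except ValueError:           # malformed URL, e.g. a broken IPv6 literal
            ok = False
        if not ok:
            errors.append("link")
    return errors

def render_post(username, body, link=None):
    """Render an accepted post; every user-supplied value is HTML-encoded on output."""
    if validate_post(username, body, link):
        raise ValueError("post failed validation")
    out = f'<div class="post"><b>{html.escape(username)}</b>: {html.escape(body)}'
    if link is not None:
        safe = html.escape(link.strip(), quote=True)
        out += f' <a href="{safe}" rel="nofollow noopener">{safe}</a>'
    return out + "</div>"

# Constructed sample input: a message carrying markup and a script-scheme link.
SAMPLE_BODY = "Nice site! <script>alert(1)</script>"
SAMPLE_LINK = "javascript:alert(1)"
```

With the sample values, `validate_post` rejects the link, and `render_post` without the link emits the message body with `&lt;script&gt;` in place of the tag.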

Another more expensive and perhaps viable option is buying software designed specifically to protect your website. For example, www.catbird.com offers software specifically made to ensure content integrity on your site. The way it works is rather simple but powerful: every two minutes it checks the current content against the pre-approved content authorized by you and promptly warns you of any changes. No price is mentioned for this software. Another web application designed to protect sites is WebAgain by Lockstep. Here is what Jim Rapoza of eWeek had to say:

“WebAgain is a simple application that sits as a kind of staging server where site authors send their content. The tool uses FTP or a network share to send new content to any Web server and to check if pages have been changed on the site. Checks can be made as often as required.”

For the price of $995, this software not only checks multiple sites for content changes or added malware, but will also reinstate the site to its original state if defaced.
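The approach both products take (compare live content against an approved copy, warn on any change, optionally reinstate the original) can be sketched as follows. This is an added example, not the Catbird or WebAgain implementation: it assumes a local staging directory holding the approved content and a local web root, and leaves scheduling the check to something like cron. The directory names and sample files are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare(approved, live):
    """Classify differences between the approved manifest and the live site."""
    return {
        "modified": sorted(f for f in approved if f in live and approved[f] != live[f]),
        "missing": sorted(f for f in approved if f not in live),
        "unexpected": sorted(f for f in live if f not in approved),
    }

def check_and_restore(staging, webroot, restore=False):
    """One monitoring pass: report drift and, optionally, reinstate approved content."""
    staging, webroot = Path(staging), Path(webroot)
    report = compare(build_manifest(staging), build_manifest(webroot))
    if restore:
        for rel in report["modified"] + report["missing"]:
            dest = webroot / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(staging / rel, dest)
        for rel in report["unexpected"]:
            # Quarantine rather than delete, so the added file is kept as evidence.
            q = webroot.parent / "quarantine" / rel
            q.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(webroot / rel), str(q))
    return report

def demo():
    """Constructed sample: deface one page, add one file, then run two passes."""
    with tempfile.TemporaryDirectory() as tmp:
        staging, webroot = Path(tmp, "staging"), Path(tmp, "webroot")
        for d in (staging, webroot):
            d.mkdir()
            (d / "index.html").write_text("<h1>Welcome</h1>")
        (webroot / "index.html").write_text("<h1>defaced</h1>")
        (webroot / "extra.html").write_text("unapproved")
        first = check_and_restore(staging, webroot, restore=True)
        second = check_and_restore(staging, webroot)
        return first, second
```

The first pass in `demo()` reports the altered page and the unapproved file and restores the site; the second pass comes back clean.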

In recent years there has been a sharp increase in web defacements; the catalyst for this is unknown. One event in particular that did spur many website defacements was the Iraq war, specifically at the onset of the war. Below is a graph obtained from www.f-secure.com, a website focused on security and cataloging many of the defaced sites. This graph in particular covers weeks 10-12 of the Iraq war.

Figure 2 Website defacement during weeks 10-12 of the Iraq war.

Website defacement is an extremely important topic that should warrant as much focus on security as any other area of information technology. If a hacker is able to deface a website, this essentially means that a serious breach has occurred. Many defacers do it as a form of internet graffiti, but once a hacker is inside your website a lot of information can be stolen, such as credit card numbers and other personal information.

There is also a far more sinister side to web vulnerabilities: cyber war or cyber attacks from terrorist organizations. “Al Qaeda spent more time mapping our vulnerabilities in cyberspace than previously thought,” confirmed Roger Cressey, the chief of staff of the White House critical infrastructure protection board (Trendle, 2003). Highly skilled programmers in groups like Al Qaeda or other organizations pose a serious threat to websites and the data in them.

Web defacement, once considered a joke or a prank pulled off by kids, is now considered a major threat to websites. It used to only embarrass the company that had been defaced. However, we are now seeing it evolve toward more sinister and dangerous intentions. Personal information such as credit card numbers or other forms of identity can be picked off by savvy hackers who manage to break into a website. For these reasons, web defacement warrants serious consideration from security experts and should be a top priority for any website owner.

References:

Rapoza, J. (2002, February). A more useful WebAgain app. eWeek, 19(7), p. 48. Retrieved September 15, 2004 from the Science Direct Database.

Sharma, A. K. (2004, February 3). Prevent a cross-site scripting attack. Retrieved September 12, 2004 from http://www-106.ibm.com/developerworks/library/wa-secxss/

Trendle, G. (2003, June). Cyber Threat! Middle East, Issue 335, p. 38. Retrieved September 12, 2004 from the Science Direct Database.

About the Author:
Val Morales is a hobbyist programmer and blogger. He maintains www.barrelofcrafts.com