Turmoil fuels ‘hacktivist’ attacks on Web sites
SAN FRANCISCO — For about 90 minutes Wednesday, visitors to the Oregon University System’s Web site found themselves taken for a ride they didn’t ask for. They were redirected to another site under the control of a hacker, who posted an 89-word screed criticizing the protests in Iran.
“We never cheated in elections,” the site read, in black and red. The message included invective aimed at President Barack Obama and made derogatory comments about Iranian opposition leader Mir Hossein Mousavi, who claims the June 12 presidential election was rigged.
As Internet attacks go, this type isn’t uncommon, and the site was quickly restored to normal. The attack also didn’t appear to harm visitors’ machines: The site appeared to only serve up a political message rather than a computer virus, as some hacked sites carry. Very few people were likely affected, too: The site averages fewer than 1,000 hits a day.
What the incident shows, though, is how political turmoil can spill quickly into unexpected parts of the Internet, as sites that have nothing to do with a conflict often get hijacked and turned into bully pulpits for so-called “hacktivists” bent on advancing a political cause, rather than making money.
“It’s a bit like graffiti on the subway,” said Graham Cluley, senior technology consultant with Sophos, a computer security software company. “Web sites that aren’t properly protected are like blank subway walls. Hackers can come by and spray their political messages.”
The schism in Iran over the disputed presidential election has already led to a range of Internet attacks. Some activists have been urging supporters to try to take down government sites with so-called “denial-of-service” attacks, in which the sites are flooded with so much Internet traffic that their servers buckle. Mounting those attacks can be relatively easy using widely available hacking programs.
That assault may be working: Many official Iranian sites are currently inaccessible, though it’s unclear whether the outages are hacking-related. For its part, Iran has employed filtering technology to restrict what sites people in the country can visit.
The incident at the Oregon University System, which oversees Oregon’s seven public universities, is just one example of what happens repeatedly whenever a political conflict flares these days. The war in Iraq, fighting in Israel, the Beijing Olympics and the Russia-Georgia conflict all saw examples of hackers commandeering sites to push their political message.
Sites that are hacked in this way aren’t necessarily targeted for their political affiliations. Instead, hackers seek them out because of security vulnerabilities in their computer networks. Those vulnerabilities can be simple to find with automated tools hackers have built to sniff out weaknesses in Web sites’ programming code.
Figuring out the culprits is usually very hard, sometimes impossible, because it’s easy to cover your tracks online. And unless the hackers leave some kind of hint that they’re associated with a larger criminal gang, there’s little chance law enforcement will get deeply involved.
“More and more people are kind of thinking this is acceptable behavior on the Internet,” Cluley said. “If you’re clever and smart and don’t do something dumb, your chances of getting caught are probably quite small.”
Oregon University System spokeswoman Diane Saunders said the school system was analyzing computer files for clues about who might be responsible. She said the hackers were able to access the site through a vulnerability in third-party software that tracks the number of visitors to the site. That vulnerability has now been fixed.
In many cases, major world events give online criminals a great opening to try and lure more victims into garden-variety Internet swindles.
Alan Paller, director of research for the SANS Institute, a computer security training organization, said hundreds of fake Web sites spring up after every big news event to try and fool people into coughing up their money or personal data, or both. Sometimes they’ll take the form of fake Red Cross sites, for example, that solicit donations.
The bad guys are really good at making fake sites look real. They’re also relentless advertisers: Spam volumes also surge after a big news event, with crooks trying to direct victims to sites that will infect their computers.
Paller says the effectiveness of those campaigns “is almost entirely determined by how well they exploit current news stories” and craft provocative headlines to sucker somebody into clicking on the link.
The hackers behind Oregon University System’s Web site attack got noticed — for 90 minutes at least.
Associated Press writer Joseph B. Frazier contributed to this story from Portland, Ore.
Related News
Yemen suffers turmoil on multiple frontsSeptember 17th, 2009 Yemen suffers turmoil on multiple frontsYemen is beset by wars, unrest and piracy. Here are the main troubles it faces:
NORTHERN REBELLION: Government troops and Shiite rebels have been fighting on and off since 2004.
Al-Qaida Web sites go down ahead of 9/11 anniversary, just like last yearSeptember 11th, 2009 Al-Qaida Web sites down ahead of 9/11 anniversaryCAIRO — A U.S.-based group monitoring militant Web sites said Friday that jihadist forums have been experiencing technical problems on the eve of Sept. 11, finally going offline a day before the 8th anniversary of the al-Qaida attack on the U.S.
Internet privacy bill would set rules of road for Web sites, online advertisersSeptember 7th, 2009 Privacy bill would set rules for online marketingHere is a look at some of the things that Rep. Rick Boucher, chairman of the House Energy and Commerce Subcommittee on Communications, Technology and the Internet, hopes to put in a bill governing Internet advertising.
Study: Online as in offline, wealthier, better educated Americans still more engaged in civicsSeptember 1st, 2009 Study finds Web no equalizer for civic engagementNEW YORK — Unlike some people have hoped, the Internet hasn't led to big changes in the socio-economic makeup of Americans engaged in civic activities, a new study from the Pew Internet and American Life Project finds. As in offline politics, people who participate in online civic life — by contacting government officials, making political or charitable donations or signing petitions, for example — tend to be richer and better educated.
Iran puts more activists on trial over involvement in the post-election turmoilAugust 16th, 2009 More on trial in Iran over post-election turmoilTEHRAN, Iran — Iran's official news agency says 25 more activists and opposition supporters have gone on trial over their alleged involvement in the post-election turmoil. The IRNA report says the prosecutor read a general indictment for the 25 saying they had been plotting the post-election unrest for years.
SKorean police: Hackers extracted data from virus-contaminated computers in cyberattacksJuly 14th, 2009 SKorean police: Hackers extracted data in attacksSEOUL, South Korea — Hackers extracted lists of files from computers that they contaminated with the virus that triggered cyberattacks last week in the United States and South Korea, police in Seoul said Tuesday. The attacks, in which floods of computers tried to connect to a single Web site at the same time to overwhelm the server, caused outages on prominent government-run sites in both countries.
After day delay because of lightning strikes, NASA fuels space shuttle Endeavour for launchJuly 12th, 2009 After day delay, NASA fuels Endeavour for launchCAPE CANAVERAL, Fla. — NASA has begun fueling space shuttle Endeavour after delaying its scheduled launch for a day because lightning struck 11 times near the pad.
Massive cyber attack affects government Web sites in US, SKorea; NKorea suspectedUSJuly 8th, 2009 Government Web sites attacked; NKorea suspectedWASHINGTON — A widespread computer attack that began July 4 knocked out the Web sites of the Treasury Department, the Secret Service and other U.S. agencies, and South Korean government sites also came under assault.
Officials: Major SKorean, US Web sites hit by suspected cyber attackJuly 8th, 2009 Korean, US Web sites hit by suspected cyber attackSEOUL, South Korea — Suspected cyber attacks paralyzed Web sites of major South Korean government agencies, banks and Internet sites in a barrage that appeared linked to similar attacks in the U.S., South Korean officials said Wednesday. The sites of 11 organizations including the presidential Blue House, the Defense Ministry, the National Assembly, Shinhan Bank, Korea Exchange Bank and top Internet portal Naver went down or had access problems since late Tuesday, said Ahn Jeong-eun, a spokeswoman at Korea Information Security Agency.
News sites see crush of Jackson traffic, but Internet as a whole unfazed, says tracking co.July 8th, 2009 Some news sites saw Jackson traffic crushSAN JOSE, Calif. — News Web sites had some hiccups Tuesday because of a crush of traffic related to Michael Jackson's memorial service.
US accidentally releases nuke sites listJune 3rd, 2009 WASHINGTON - The Obama administration has mistakenly made public a 266-page report that gives detailed information about the country's civilian nuclear sites and programs, including maps showing the precise locations of stockpiles of fuel for nuclear weapons. The publication of the document marked "highly confidential" was revealed Monday in an online newsletter devoted to issues of federal secrecy.
Shuttle Atlantis fuels up for launch on last Hubble repair mission; weather near perfectMay 11th, 2009 Shuttle fuels for launch, weather near perfectCAPE CANAVERAL, Fla. — Fueling has started on space shuttle Atlantis for its mission to repair the Hubble Space Telescope.
AP NewsBreak: Air Force to remove nuclear missile due to melting snow in ND siloApril 29th, 2009 AP NewsBreak: ND nuke to be moved due to snowmeltBISMARCK, N.D. — A nuclear missile will be removed from an underground silo in North Dakota because runoff from melting snow leaked into the facility, the Air Force said Tuesday.
Calif. approves nation's first low-carbon fuel rules; oil and ethanol industries seek delaysApril 24th, 2009 Calif. approves nation's 1st low-carbon fuel ruleSACRAMENTO, Calif. — California air regulators have adopted the nation's first mandate for low-carbon fuels, a major step in the state's effort to reduce greenhouse gas emissions.
Calif. expected to adopt nation's first low-carbon fuel rules; oil, ethanol groups criticalApril 23rd, 2009 Calif. expected to adopt low-carbon fuel rulesSACRAMENTO — California air regulators are considering first-in-the nation rules to require low-carbon fuels as part of the state's wider effort to reduce greenhouse gas emissions. The California Air Resources Board on Thursday is expected to adopt standards that could serve as a template for a national policy.
Loading ...