[Demo] An analysis of recent website defacements by Kevin Townsend

Late on Friday news came through that the Bangladeshi stock exchange had been hacked by Teamgreyhat. I went to have a look, because I’m keen to understand the psychology involved in destroying somebody else’s website – and there have been enough recent hacks to compare and contrast.

There’s this current one, screenshot below. I tried to pick out clues from the components of the message, such as:
a graphic – yes, clear and unambiguous
a statement of identity – yes, “We are TGH”
an explanatory cause and excuse, an appeal to a higher principle – yes, “WE ARE HERE FOR OUR INDIAN BROTHERS”; an obvious statement of support for India in its on-going cyber war with Bangladesh.
links for further information – yes, the TGH website and Twitter account. In fact further information and explanation was also posted to Pastebin.
a boast – yes, “We are Warriors. We are Achilles of Cyber World”
general threat – no, none.

Teamgreyhat's attack on bdstock.com

Then I had a look at an earlier defacement by a different group (again, screenshot below), and looked to see if there was any similarity with the same components:
a graphic – yes, but not so clear. It looks like a badly drawn sabre-tooth tiger with polar bear claws trying to own the world. The message implies, ‘we pwn all of you’.
a statement of identity – yes, the SOCA Team – a clear reference to hooliganism, tribalism and aggression.
an explanatory cause and excuse, an appeal to a higher principle – yes, but not so obviously stated – apparently for a nebulous grouping identified elsewhere on the internet as ‘The Rightsholders’. The Rightsholders believe that only they know which are acceptable sites; and the SOCA Team even directs the visitor to the Rightsholders’ ‘official’ list of acceptable sites.
links for further information – yes, to both the SOCA Team HQ and to the higher cause.
a boast – yes, “SOCA has the capability to monitor and investigate you…” A clear implication that SOCA can and will spy on all and sundry.
general threat – yes, several. “You may be liable for prosecution…” I think there may be a typo here because the additional threat of “up to 10 years imprisonment” is almost certainly inaccurate; perhaps it was meant to say ‘persecution’.

SOCA's attack on rnbXclusive.com

I looked at one more defacement (again the screenshot is below).
a graphic – yes, clear and unambiguous: don’t mess with us, we’ve got claws and soar above you. There’s also a disturbing analogy with Agent Smith, the ubiquitous dark authoritarian figure from The Matrix, clearly trying to indicate that there’s no escape.
a statement of identity – yes: the Icemen, a relatively new crew with ever-increasing power.
an explanatory cause and excuse, an appeal to a higher principle – no, and this is where this particular defacement becomes more sinister. There is no reference to any higher cause beyond the existence of the Icemen themselves. This defacement has occurred because they can and choose to.
links for further information – no, none.
a boast – no, there’s no real boast. The Icemen are sufficiently assured of their own power that they feel no need to boast about it.
general threat – yes, because it is understated. You have to look beyond the obvious here. The Icemen, who everybody had thought were limited to the United States, are saying with this defacement of a Canadian website, ‘the world is our Oyster. Wherever you are, whoever you are, if we want to, we can and will shut you down.’

ICE attack on bodog.com

So what can we conclude from this comparison of a few recent defacements? Not much, I fear. They are all remarkably similar. They are all conducted by organizations with no accountability to the general internet user population. And they all try to impose their own view of what is right and wrong. It’s all about hacking says Teamgreyhat. It’s all about power says I.


