e-flux conversations

FBI: Hackers Exploiting ISIS Notoriety To Promote WordPress Hacks

Hacked UK government site via Forbes

On Forbes, Thomas Fox-Brewster reports on the FBI’s warning against self-described ISIS sympathizers who are targeting WordPress plugins and possibly buying up vulnerabilities.

Read the article here:

Self-described sympathisers of extremist group ISIS have hacked their way into websites to leave messages for visitors, the FBI has warned. The law enforcement agency said yesterday many sites were being attacked because of unpatched flaws in their WordPress content management systems.

But the FBI said the hackers, who were targeting WordPress plugins, were unlikely to be directly affiliated with ISIS, and were using the group’s notoriety to gain more attention for their illicit work. Though the techniques employed were not sophisticated, the FBI said “successful exploitation of the vulnerabilities could result in an attacker gaining unauthorized access, bypassing security restrictions, injecting scripts, and stealing cookies from computer systems or network servers. An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future website exploitation.”

Web security group Sucuri named two plugins that were being exploited by those brandishing the ISIS flag: RevSlider and GravityForms. Users can protect themselves by simply updating those plugins. “We are not aware of any new vulnerabilities in either of the plugins,” the group added in a blog post.

Regardless of their ties with the extremist group, ISIS and organisations with similar modus operandi have benefitted from those who have found their way into a large number of websites across the world in recent months, coinciding with their on-ground campaigns in Iraq, Syria and beyond. A UK government-owned site, used for checking air pollution levels, was yesterday hacked by a crew calling themselves the Moroccan Islamic Union-Mail. They left a message denouncing the British government’s involvement in the Iraq war, which was later removed by the Department of Environment, Food & Rural Affairs (DEFRA).

It’s not just western organisations that are suffering as a result either. A recent report from intelligence organisation Group-IB showed as many as 600 Russian businesses and public bodies had been attacked by ISIS. Ilya Sachkov, CEO of Group-IB, said most ISIS-related hackers were not technically gifted, though some were “very qualified”. Most simply head on to hacker forums and follow simple instructions available to anyone. “ISIS just repeats this stuff.”

He also believes that ISIS is using typical tactics of nation state hackers, such as buying up vulnerabilities and access to previously-hacked sites.

Researchers have uncovered various attacks ostensibly carried out by ISIS hackers. Many have been aimed at individuals across Syria, Iraq and nearby states. A report in December from Citizen Lab indicated ISIS used malware to try to find out the identity and location of its enemies. Groups such as Cyber Arabs have been offering assistance to those threatened.

Seems these are the people who hacked e-flux a few weeks ago