Hacked by Virus Iraq: A Local Story of International Cybercrime

Star & Crescent was hacked for the second time in our short history over the Easter weekend. Here, Editors in Chief Tom Sykes and Sarah Cheverton reflect on the experience.

We receive a Facebook message to the S&C page that reads: ‘We are Islamic State Hackers’.

It is followed by another message: ‘We will hack your site.’

An hour later, our site is hacked and our front page is replaced by a new screen (shown below) that reads ‘Hacked by X-Sec Team’ and ‘Hacked by Islamic State’.

280316FrontPage_FromDeesideTwitter

We don’t notice at first. It’s Bank Holiday Monday on the Easter weekend. Our articles for the day are scheduled in advance and so is our social media, neither of us have checked the site today.

It’s actually the editor of a fellow hyperlocal, Jonathan from Deeside.com in Wales, who notices the hack and flags it up to us.

Malcolm Tucker

Image by Morning Star.

We were hacked for the first time back in February when we broke a story about Tory councillor Scott Harris’ leaked email outlining a plan to smear local residents, and a charity and its CEO. The story quickly went national, including coverage in the Guardian, Independent, Metro, and Morning Star (see right).

Because of the timing of that hack, it was unclear to us then if we had been deliberately targeted as a result of the story. With another hack coming so close behind it, our first suspicion is the same as Jonathan’s from Deeside.com: are there people in Portsmouth this determined to fight against independent local news?

However, when we go to the site and see the message, paranoia turns to puzzlement. S&C annoying local politicians? Sure, we’d be failing in our job if we weren’t in some respects, but being considered a threat to IS? That seems a stretch.

On the phone to each other, we wonder if our name has somehow made us a target: the star and crescent is an Islamic symbol as well as being part of Portsmouth’s city crest.

At this stage, though, it’s a moot point. We need to get the site back online as soon as possible.

We contact our web developer. At first he is unconcerned, the hack seems basic and is simple for him to fix.

That is, until the hacker returns and simply hacks it again. And again. Then he hacks our server, replacing every title on our entire site with ‘Hacked by Virus Iraq’ (see featured image at top of page).

This guy knows what he’s doing.

If hacking our site was inconvenient, hacking our server is far more grave. We realise quickly that the consequences might include losing the site altogether.

This is a danger facing any small website: very often the people who create websites for their small business, community group, or charity are not expert web developers. We certainly weren’t when we started S&C and this made us vulnerable to being hacked.

Ironically, it’s only through being hacked that we’ve learned about securing our site better and improved our practices, but the main lesson we’ve learned is this: if someone is determined to hack your site, they will. If it can happen to Google, CNN, Amazon and Ebay, it can happen to anyone. It seems like hacking is a fact of life now, the consequences of which we all have to live with. Hacking now makes all our data more insecure, not just for our businesses but for all of us as private individuals.

There are no easy answers to this.

It seems that hacking attacks by individuals or groups aiming to raise awareness of political causes – as our hacker aimed to do – or to disrupt powerful interests – as Anonymous aim to do – are becoming a more routine feature of our daily lives.

Forbes recently reported that the Panama Papers, originally reported as a leak, were actually obtained by hacking the website of Mossack Fonseca – ‘a three-month old version of WordPress’. This hacking has already led to the resignation of the Icelandic Prime Minister and calls for our own Prime Minister’s financial interests to be scrutinised, despite his insistence that it’s ‘a private matter’.

It’s estimated that 50,000 new WordPress sites are created every day, with almost 75 million already in existence. A lot of the sites you use will be using WordPress and its popularity is one reason why it remains high on the target list for hackers. Forbes reported in 2013 that 30,000 websites are hacked every day.

Why do hackers hack websites like ours? While this might be a philosophical question in part, there are also some practical reasons, including to gain consumer data (particularly from commercial or retail sites), to plant malware or to send spam emails. Our hacker also seems to have had strong political aims in hacking our site, if the page he left behind on his first hack is anything to go by. Whatever the motivation hackers might have, it seems they are unlikely to stop anytime soon.

And if you don’t run a website and think this doesn’t concern you, think again. Whilst hackers rarely target individual devices – including your laptop and phone – in the same way as websites, the viruses to which your phone or computer may be vulnerable can be used by hackers to disguise their identity in more major hacking attempts, or simply for identity theft.

Website owner or individual consumer, we all have reason to find out about the continuing rise of hacking and its influence on all our lives. Although none of us can erase the possibility of being targeted by hackers, there is plenty you can do that will make it more difficult for hackers to target your website or device.

Given our recent experience, we’d advise all our readers to improve your awareness of internet privacy and security, because while you may never be deliberately targeted by hackers, there is an increasing chance that like S&C, you might find yourself caught in the crossfire of a far bigger power struggle.