Trend Micro: Pakistani hacker defaced roughly 15,000 websites since 2011


Trend Micro reports that the capabilities of Pakistani hackers are on the rise; website tampering is increasingly becoming the primary way for “hacktivists” to draw attention, or even to launch more threatening attacks.

Website tampering is a common denominator among “radical hackers,” who often break into websites and alter their content to promote a “cause.” The Trend Micro report highlights the following major geopolitical events and conflicts as the main triggers of website tampering:

  • Israel occupies Palestinian land and takes military action.
  • Charlie Hebdo, the French caricature magazine, was controversial in 2015 for publishing a comic that portrays Mohammed, the Muslim Prophet.
  • Border dispute between India and Pakistan.
  • The Syrian government launched airstrikes on residential areas in April 2016.
  • The dispute over Kosovo’s independence.
  • South China Sea dispute (the editor resolutely safeguards China’s sovereignty and integrity!).

Trend Micro analyzed aggregated data from multiple sources across multiple countries from 1998 to 2016. The statistics show this type of attack hitting different systems and servers; see below:

Metadata volunteered by the attackers themselves (which Trend Micro has not yet confirmed) shows that they use various vulnerabilities and more than 30 different methods to attack sites. Attackers often exploit common weaknesses (local file inclusion, SQL injection, password guessing, etc.) to attack websites. In addition, they use server intrusion, social engineering, URL infection, and man-in-the-middle attacks to obtain credentials.

Researchers also found that such hackers voluntarily left contact information on the sites, something unusual in other kinds of cybercrime. “Aggressive hackers” usually leave an e-mail address and a Twitter account. In fact, these hackers left multiple e-mail addresses on 6% of the pages. These hacker groups also seem to advertise their own slogans to convey political messages.

In addition, they add audiovisual effects by leaving streaming media on the pages they tamper with. The researchers found that 32% of tampered content typically embeds a URL that redirects to streaming media platforms such as YouTube or to audio files hosted on external sources.

According to the report, Pakistani hackers are the main participants in the trend analysis of 13 million website tampering events in the past two decades. Trend Micro found that there were more website tampering activities than the “Liberation of Kashmir” activities. ZCompany Hacker and Muslim Freedom Army have been the dominant players since 2011. The hackers broke into Indian websites and posted messages to protest human rights violations and persecution of Kashmir.

Foreign media report that Trend Micro’s findings may indicate that Pakistan is gradually becoming a more prominent player in cyberspace. A recent report released by HackerOne, a bug bounty platform, emphasizes that Pakistan is one of the countries that received the most bounties in global vulnerability reward programs. Pakistani researchers won a total of 647,339 U.S. dollars (about 4.17 million U.S. dollars) in prize money through HackerOne in 2017. Pakistan is also HackerOne’s fourth largest participating nation, behind only the United States, India, and Russia.

Although Trend Micro said such hacks seem to be limited to tampering with the content of the site, experts warn that the hackers could turn to more threatening attacks.

The report points out that the line between pure website tampering and cybercriminal attacks or cyber espionage has disappeared. Hackers are keen on developing Web shells (backdoors for accessing hacked Web servers) and on studying how to compromise stolen data. After tampering with a site, the hackers’ next step appears to be making use of the information available there.

Reference: TrendMicro