“A dangerous apocalypse awaits French cyberspace and we will continue the attack until you ask for forgiveness. Get ready ! “ This sentence of great gravity appeared on the weekend of October 24/25 on dozens of French websites. The latter were disfigured by visibly Muslim hackers, who believed that France had insulted their prophet. These attacks followed statements by Emmanuel Macron who defended freedom of expression and, in particular, the cartoons on religions.
This wave of attack was a classic case of “hacktivism”, when hackers use their technical know-how to defend an idea. Disfiguring a website is one of the basic techniques of hacktivism, as is distributed denial of service (DDoS). This is an attack that is not very technical and, it should be emphasized, is not very serious if it is limited to uploading an unwanted message. The site owner can quite easily remove it and restore their digital storefront. Fortunately, we are therefore very far from any apocalypse.
To be able to modify a third-party web page, hackers must hack their web server. In the case of Islamist hackers, we see that the targets were generally small sites: town halls, blogs, associations … These websites had no connection with the declaration of Emmanuel Macron or the cartoons of the prophet.
If they were attacked, it was because it was easy. Hackers have probably used automated or semi-automated tools to detect vulnerable sites and post their message there. This type of strategy is ultra-classic and has been around for years with hackers of all stripes, whether they are defending religion, degrowth or organic food.
Usually, they take advantage of well-known security holes in content managers, as a lot of small sites are misconfigured or not updated. The most common attack vector is SQL injection, which involves inserting SQL commands into form fields to access the user database and thereby recover an administrator’s password. Other techniques include brute force password attacks and cross site scripting.
The hackers could also have tried to attack the website of the Presidency of the Republic directly … But this is obviously a different story, because this web server is very well protected. In reality, this type of strategy is less and less frequent, because companies and organizations which are very visible on the Web tend to shield their services well. Tackling it would require much more sophisticated techniques.
Hackers go all out
In 1996, for example, hackers successfully uploaded pornographic content to the US Department of Justice’s web to protest against web filtering. It was one of the first disfigurements in the history of the web. Today that would be much more difficult to achieve. Anyway, it doesn’t matter, because what interests these hackers above all is to gain visibility quickly at all costs. And if the operation is strong enough for the authorities and / or the media to echo it, the mission is accomplished.
Who are these hackers? It’s obviously hard to say precisely. A large part of the hackers who disfigure websites are probably beginners, who can thus cut their teeth. But that doesn’t mean that there aren’t a few seasoned hackers in the pack who have joined the movement for fun.
Indeed, a study carried out in 2017 by two Dutch researchers on hacktivism shows that these people do not only act out of ideology, but also for fun, for the (small) challenge that this represents and to collect some titles of nobility within their community of hackers. This is the reason why these messages are systematically signed and accompanied by greetings (“greetz”).
Disfiguring a website is also a way to be seen by your peers. It is also for this reason that these hackers do not hesitate to report their exploits themselves to zone-h.org, a site that references disfigured websites in real time, and has been doing so since 2002.