Website defacement, where malicious actors penetrate a website and place their messages on them, is a tried and tested elementary tool of cyber attack. However, the website defacement numbers in our radar spiked yesterday, all from a single hacker!
US-based cybersecurity firm HackNotice posted an increasing number of defaced websites in the 24 hours since Wednesday. The Cyber Express noticed the spike, searched out each instance and the traced the defacements to a popular Indonesian hacker group.
Website defacement: spike in targets
The hacker has been active in the recent months, we found, but the trail of defacements has expanded since December, and the list of the websites and the information of individuals who have hacked them is available on the HackNotice website.
The company has been sharing these victim websites via Twitter posts, and between December 19 to December 22, The Cyber Express found nearly 55 instances of defacements of popular websites and businesses.
Here is a list of some of the companies and businesses currently facing defacements by an Indonesian hacker named Mr. rm19.
However, one thing that caught the attention of these defacements is that the credited hacker is the same for all the instances and belongs to the “2013 Indonesian hacker rules” group.
Website defacement: why?
Website defacement is the act of maliciously altering the content or appearance of a website. It is typically carried out by hackers who have gained unauthorized access to the website’s server or hosting account.
Defacement can range from relatively minor changes, such as adding graffiti or vulgar language to a website’s homepage, to more significant changes that render the website unusable or cause it to display false or malicious information.
In some cases, defacement is used as a form of cyber vandalism or to spread propaganda or make political statements. Defacement can also be used as a form of cybercrime, such as when it is used to steal sensitive information or to extort money from the website’s owner.
In this particular instance, most of the companies have names derived from Bahasa Indonesia (the local Indonesian language), hinting that these businesses are located or operated in Indonesia. At the same time, it also indicates that the attackers may belong to the same place.