ISIS photo courtesy of DarkSyde
Ack, ISIS is in my backyard ravishing my dog. When they finish that, they're coming inside to kill my granny! Next they will destroy my church and impose Sharia law! And a dingo ate my baby!
OK, maybe I overreacted just a wee bit. For a moment there, I was channeling Louie Gohmert in a wild-eyed panic about invading hordes of terrorists.
Yet it is true that my website had a run-in with some friends of ISIS. Yesterday morning I woke up and fired up my browser. As usual, it automatically reopened half a dozen or so tabs, including my own website. I heard somebody talking and assumed one of the tabs had an auto-play video so I clicked around to see what it was.
Lo and behold, it was coming from my very own Church of Mammon website, a satirical commentary on the Hobby Lobby decision. It had been defaced, the front page replaced with propaganda including a Youtube video of some dude with a beard. He was droning on about something but I hadn't had enough coffee yet to listen to agitprop so I clicked the video off. If I'd kept listening then undoubtedly I would have grown a beard and flown off to Syria to join up, right?
You can see my hijacked front page in the picture below the fold (sorry it's a bit messed up, I needed 2 screenshots to capture it all and stitched them together rather badly).
I contacted my hosting provider and spent a couple of hours cleaning things up and restoring normalcy. Essentially, they had replaced the index page and added another PHP page which they could use to re-hack later. They used basic HTML and PHP code and there was no malware involved to infect any visitors. So,the damage was quick to fix but it took time to change passwords for the server, the website, email accounts, and so on. The "and so on" was the most difficult bit, trying to think of anything they might have accessed and changed to use again in the future unless I thought to reset it.
All in all, a minor annoyance rather than a devastating attack. And really, what was the point? Look at the badly written text in the screenshot above. It doesn't make much sense; but even if it did, what do they hope to gain? Visitors will not believe that the owner of a hijacked site endorses their views because it says right there in big bold letters HACKED. Affected website owners won't look at their crappy page and suddenly decide "oh, I must swear allegiance to the ISIS caliph without delay!"
It's all rather amateurish in design, execution, and purpose. Unsurprisingly, when I did a bit of googling, it seems this is a group of "script kiddies," young people who have discovered automated hacking tools online and have just enough computer skills to use the tools but not anywhere near enough to invent them.
There are quite a few similar groups with similar names and they appear to cooperate with each other. I saw reports that suggest they defaced over a million sites in the past year, placing propaganda that is anti-Israel, pro-ISIS, and/or pro-Palestinian.
Most likely my site just randomly came up in the luck of the draw. However, it could be that they targeted it thinking that it really is a church; they replaced the content on one page with a single sentence, "Your god is SHIT!!!" In that case, it's pretty funny that these assclowns wasted their time and bandwidth on a snarky site that actually pokes fun at the hardcore Christianists who supposedly are their enemies. Maybe, as the saying goes, the enemy of my enemy is my friend?
Nah, I'll keep thinking of them as enemas instead.