“Hacked by Islamic State (ISIS) We Are Everywhere :)”. So read the black-bannered web page of hundreds of hacked sites across the US and Canada, disconcerting many small businesses and organizations that had no idea why ISIS was taking an interest in them. “I’m scared. I’m really, really scared, because I don’t know what to think. I don’t understand why this happened to us, a small business in West Hollywood,” said Olga Rechdouni, designer of custom furniture and dog beds. Yes, and I’m sure many traumatized dogs throughout Beverly Hills were visiting dog psychologists after hearing the news. “Imagine, ISIS is after our luxury dog beds!” they whimpered. Others were in suicidal despair when they realized their owners didn’t care enough for them to plunk down $1,485 for a luxury bed. What would their friends think?
The FBI said they are not commenting on this or other identical attacks. The dogs were not available for comment. This silence on the part of the FBI probably means that they believe some connection to ISIS is, at least, a possibility. As I predicted in my security breach forecast for 2015 (Experts Say These Are the Breaches to Expect in 2015), I suspect that these hacks are organized by ISIS sympathizers who may not actually be connected to ISIS itself. In fact, Newsweek reports that these hacks may have been organized by an Algerian ISIS sympathizer named Mohammed Aljzairi. Maybe, but it’s difficult to verify such things. Maybe it was just someone looking for some quick publicity.
In any event, it seems that the hackers are taking advantage of a Flash vulnerability that is mostly found in some WordPress and GoDaddy plugins. Sites from Indiana’s nonprofit Downtown Artist and Dealers Association, The Eldora Speedway, and New York’s Fix Beauty Bar were also victims, showing that the only rhyme or reason to the attacks is that they all contained a similar vulnerability.
No important data was stolen during these attacks, showing that they were simply a propaganda stunt or ISIS PR. They’d like us all to believe that they really are everywhere and make us as nervous as one of Olga’s chihuahuas, but, in fact, the attackers failed to realize that they had done these businesses a favor. Instead of treating these assaults as security breaches, these businesses should consider them as what they really are, a free pentest. Pentesting, having your site tested for vulnerabilities, can be an expensive proposition. These ISIS-loving hackers just did this for free. We, in the West, would like to extend our thanks. You have helped us shore up our country’s cyber security.