The largest independent Jewish school in the UK came under attack from apparent pro-Islam hackers recently, with a defacement attack proclaiming that Islam “is the only true religion’.
In the incident last Wednesday, cyberattackers calling themselves ‘Gabesi TN and Latino Saber’ from the ‘Tunisian Fallaga Team’ defaced the website of London’s Jewish Free School (JFS).
The homepage was replaced with a message that showed a balaclava-clad figure, a Tunisian flag and Arabic writing followed by text condemning “terrorism against Muslims”.
We are back once again knocking snicks and snitches doors cause your crimes is something we don’t forgive
The message was swiftly removed and a JFS spokesperson told the Jewish News that its web support team was able to rectify the problem and ensure the site was back online within minutes.
Unfortunately attempts such as this are commonplace for many Jewish organisations who are forced to employ actions to mitigate against such nuisances.
According to RT, a Jewish school in Baltimore was also attacked last month by these hackers.
‘Tunisian Fallaga’ aren’t the only hackers who have used website defacements for political messages.
The Syrian Electronic Army has compromised websites of the US Army, Twitter, the New York Times and others, and pro-Palestine cyberattackers have previously compromised Google.ps.
It’s a good result that the JFS was able to restore its website quickly, and equally good news that the attack seems to have resulted in defacement rather than a full-on breach resulting in data loss.
Nevertheless, even a defacement means that hackers were able to get further than they should have.
Indeed, a defacement acts as a sort of public proof that your website is insecure – a bad look for any organisation or business, regardless of its size.
So, what can you do to protect your organisation? As we have advised before:Patch! Attackers can use automated search techniques to locate servers that running outdated software that they already know how to exploit. In other words, they deliberately choose victims where their attacks will succeed.Backup! In this case, JFS recovered its legitimate website content quickly. Version control software can let you roll back small changes promptly, while off-site backup gives you a slower but surer way to recover in the event of a serious outage or attack.Protect! Security tools can help detect and prevent attacks. Firewalls limit the extent to which attackers can wander around if they do get into your network, and server anti-virus can prevent uploaded attack code from running.
While you’re about it, make sure you pick proper passwords for your servers, to stop attackers from simply logging in remotely and modifying content without even needing to hack their way in.
Also, consider using two-factor authentication so that a stolen or leaked password isn’t enough on its own for a crook to login.