The Fife Labour Party (http://fifelabourparty.org) website has currently been hacked by an Indonesia h3ck3r Team, with the hack completed by the member sTon3r.
As of writing this, the site is still live, so we have sent local councillor Mark Hood an email to alert him to the problem. The hack has been a defacement as can be seen in the screenshot below.
Defacement Hacks are less serious than other forms of hacking. Usually the defacement of a website is done merely for the ‘sport’ rather than to compromise data or inject malicious code into web pages. Checking out the source code of the site, there does not appear to be any malicious scripts running.
This type of attack looks more like a ‘sport’ the hacker is playing whereby several competing groups of hackers will be competing to see who can deface the most websites. Likely all the accomplishments of the Hacker and Team will be available somewhere on a Black Hat forum.
Black Hat is a term that is given to people who use their skills for malicious purposes or unethical practices, such as spamming sites to improve the SEO of other sites, unethical hacking etc.
The hack was probably made possible by the hacker finding an vulnerability in the software they were using. The site appeared to be running WordPress or WordPress MU, therefore it is likely that the software wasn’t updated to the latest version, or that a plugin was out of date or had known vulnerabilities that could be exploited.
The hack on the Fife Labour Party website could have been much worse, but from a positive perspective, no data appears to be compromised and it will give the webmaster the opportunity to review security and upgrade their software to the latest versions, as this will close previous known exploits and vulnerabilities.
Probably the worst job for the webmaster, will be to clean the server and files, and check no back doors have been left on the server, which would allow easy access for the hacker to regain access to the site.
It is a stark reminder to everyone that use Open Source software for their sites (including ourselves) to keep everything up to date, and even then, new exploits will be discovered by malicious users. The advantage of Open Source is that exploits are usually quickly identified/detected and fixes created for them.