What is deface or defacement?

Imagine the following situation: you are calmly browsing the internet and, when you try to access a website, you are faced with a different home page. Instead of the usual content, it shows a strange message indicating that the site has been hacked. This may already have happened to you, but do you know exactly how this attack works and why it seems to be so frequent? Below we explain what deface is and how to protect yourself from it.

What is deface?

“Deface”, or “defacement”, is the process of modifying the content that is displayed on a website. In most cases the attacker does not access the database, bring down the server or hijack the machines behind the site: he simply leaves a message for the users and the people responsible for the site, placing it over the original structure.

Deface is often compared to graffiti: it is almost a signature, with the difference that the wall is someone else’s page. Instead of menus, text and so on, an image chosen and uploaded by the hacker appears, along with a signature that identifies the attacker and marks territory, and a message of his choosing.

And why would anyone do that? It could be for any reason. The most basic ones range from testing the security level of a server to nothing more than an attacker's joke. Deface also became famous as a way to send messages of a political nature, such as protesting or denouncing an event. Here in Brazil, government, political or party websites end up becoming targets of deface.

How is deface done on a website?

To carry out a deface, the attacker must somehow gain access to an environment he is not normally authorized to use. This can happen in several ways, and some are quite obvious, such as getting the password for the server, for the SSH account, or for the page administrator account.

This can be done by social engineering, using a fake phishing login page, or even by brute force, if the password is easy to guess or a system default. It is even possible to obtain these credentials in a more complex way over insecure Wi-Fi networks, such as the open ones at airports.

Another method that allows deface is the good old SQL injection, which consists of inserting an outside statement into the queries that pass between an application and its database. This technique is very well known and widespread. Depending on the security level of the server and the knowledge of the attacker, deface is only one of the possibilities open to someone who gains access to a complete database.
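The difference between a query built by pasting text together and a parameterized one, as an added example that is not part of the original article. The `pages` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory CMS table (sample data, not from the article)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (slug TEXT, body TEXT, published INTEGER)")
    db.executemany(
        "INSERT INTO pages VALUES (?, ?, ?)",
        [("home", "Welcome", 1), ("draft", "Internal notes", 0)],
    )
    return db

def fetch_vulnerable(db, slug):
    # Vulnerable: the request value is pasted into the SQL text, so a quote
    # inside it changes the structure of the statement itself.
    sql = "SELECT body FROM pages WHERE published = 1 AND slug = '" + slug + "'"
    return [row[0] for row in db.execute(sql)]

def fetch_safe(db, slug):
    # Hardened: the value is bound as a parameter and is only ever compared,
    # as data, against the slug column.
    sql = "SELECT body FROM pages WHERE published = 1 AND slug = ?"
    return [row[0] for row in db.execute(sql, (slug,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    # The concatenated query ignores the "published" filter and returns
    # every row, including the unpublished one.
    print("vulnerable:", fetch_vulnerable(db, crafted))
    # The parameterized query looks for a page literally named like the
    # input and finds nothing.
    print("safe:      ", fetch_safe(db, crafted))
```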

In addition to these, there is another way, which compromises the DNS server instead of attacking the website. The DNS server is what links a domain name to the IP address of the server that hosts the page, so that visitors who ask for the domain reach its content.

DNS is usually outsourced, and the provider is not necessarily a technology giant. If it is a small business with no major security commitment, it becomes an easy target. This is not exactly a deface, because it is no longer “graffiti” on top of a page: the attacker hijacks the domain and “puts up a new graffiti wall” in place of the original site, redirecting users to the message.

Deface on Brazilian sites

In 2015, several national sites were defaced by alleged Islamic extremists, although in reality they may have been nothing more than pranksters. They left a message in place of the content of one of the most classic sites on the Brazilian internet, Pudim.com.br, which fortunately returned to normal quickly.

In January 2017, we had a famous case in Brazil. The Brazilian Google, along with UOL and Folha de S.Paulo, had its domain redirected to a message. The attack was claimed by Kuroi’Sh, and the message stayed online for about 30 minutes.

Problems caused by defacement

Apart from the visual aspect, the attack can cost the website visitors in the short and long term. The content is unavailable until the situation is resolved, and users' confidence may drop because the site feels insecure and because they have no way of knowing whether, in addition to the deface, the page had some other type of vulnerability.

Another major problem is related to search engines, such as Google, which tend to push compromised sites down the search results pages if the problem is not resolved quickly.

And of course there is the question of the owner’s security: if the site has shown a vulnerability, even if only on the surface, it may also have flaws at internal levels.

How to protect yourself from an attack?

To protect yourself, the important thing is to always have a recent backup of the system, so that the page can be restored easily to a stable, original version that is free of any intrusion.

In addition, always keep all plugins and third-party software updated to the latest version, so that they include the latest security improvements and do not carry known vulnerabilities.

And, if you have been the victim of one of these attacks, the basic digital protection tips are: change access passwords, adopt proper security policies for administration, use secure encryption standards and monitor any suspicious traffic. If you have more advanced technical knowledge, manually check the code for suspicious implementations or loopholes.
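One way to put the backup to work when checking a site by hand, as an added example that is not part of the original article: hash every file in the known-good backup and in the live web root, then list what was modified, added or removed. The directory layout and file contents in `demo()` are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest

def compare(baseline, live):
    """Return the files that differ between the backup and the live manifest."""
    return {
        "modified": sorted(p for p in baseline if p in live and baseline[p] != live[p]),
        "added": sorted(p for p in live if p not in baseline),
        "removed": sorted(p for p in baseline if p not in live),
    }

def demo():
    """Constructed sample: a backup copy and a live copy with an altered home page."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (backup, live):
            (root / "css").mkdir(parents=True)
            (root / "index.html").write_text("<h1>Welcome</h1>")
            (root / "css" / "site.css").write_text("body { margin: 0 }")
        # Simulated changes that exist on the live copy only.
        (live / "index.html").write_text("<h1>replaced content</h1>")
        (live / "banner.png").write_bytes(b"\x89PNG constructed bytes")
        return compare(build_manifest(backup), build_manifest(live))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Run on a schedule against the real web root, any non-empty result is a reason to inspect the listed files before restoring from the backup.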
