3 min read

UK government website hijacked by Islamist hackers

Graham CLULEY

April 07, 2015

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
UK government website hijacked by Islamist hackers

Want to know what air pollution is like in the UK today?

There’s a website for that: uk-air.defra.gov.uk, run by the British Government’s Department of Environment, Food & Rural Affairs (DEFRA).

Unfortunately it’s not going to be able to help you today.

That’s because a group of hackers attacked the site earlier today, and replaced its usual rather dour forecasts for air pollution over the British Isles with a message denouncing Britain’s involvement in the Iraq invasion of 2003 and an portrait of executed former leader Saddam Hussein.

ukair-hacked

Moroccan Islamic Union-Mail

It’s time to remind the British government what you did with Saddam Hussein will not forget

And we are ready to sacrifice with everything, as not to give up iraq, and stay alert for the coming…

Whether the hack was a result of a vulnerability in its web server, a failure to keep up to date patches, weak password policies or a flaw in its configuration is unclear. Hopefully a thorough investigation will take place, identifying where the weaknesses lay, and ensuring that when the site does eventually come back online it won’t be quickly compromised again.

The UK-Air website appears to be run on DEFRA’s behalf by an outside organisation, energy & environmental consultancy Ricardo-AEA. Clearly they have some explaining to do, as it seems somebody has been doing a poor job of looking after the site’s security.

It certainly appears that one problem was the apparent failure for the site’s own staff to identify that it had been hacked.

It appears the site’s administrators were slow to notice there was a problem – first being alerted that anything was wrong by Jim McQuaid, an atmospheric scientist at the University of Leeds, who tweeted an early-morning heads-up to the UK government.

Consequently, the site went offline (albeit with a broken link to the DEFRA logo):

uk-air

It does appear that attempts are being made to bring the UK-Air website back online for those addicted to their daily air pollution, as confirmed in a tweet over eight hours after the hack came to light.

defra-tweet

It’s all very easy to have a chortle over a hack like this.

After all, does a hack against a website offering air pollution forecasts really matter that much? Do hackers claiming to work under the banner of Moroccan Islamic Union-Mail really feel that the UK government is quaking in its boots about a fairly irrelevant website being defaced over 12 years since Saddam Hussein was toppled from power in Iraq? It’s hardly a high profile hack, is it?

But the concern, of course, is that things could have been much worse. If hackers were able to deface the UK-Air website with their electronic graffiti they could just have easily invisibly planted a malicious code or perhaps subtly corrupted information, without anyone noticing for months.

And if DEFRA’s UK-Air website was apparently vulnerable, that makes you wonder how many other .gov.uk websites (there are more than 3500 sites using that domain) might be poorly maintained or have been out sourced to companies who are doing a poor job of securing them?

It probably won’t take much to get the UK-Air website back online and operational again. But what will remain is uncertainty about what other websites may be insecure, and could be posing a far greater risk.

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Hacking cars remotely with just their VIN Hacking cars remotely with just their VIN
Graham CLULEY

December 05, 2022

2 min read
Russian courts attacked by CryWiper malware that poses as ransomware Russian courts attacked by CryWiper malware that poses as ransomware
Graham CLULEY

December 05, 2022

2 min read
Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read