Are ISIS hackers really targeting small businesses?

A number of unrelated small businesses and other organizations in North America have had their websites hacked to display ISIS slogans and images. Do the perpetrators actually pose a threat? 

The business week has begun in the US with a seemingly unrelated string of hacks on small business websites, with the only connecting thread being that all were claimed by someone using the ISIS logo to either make a political statement or points with fellow hackers.

The website for Eyeflow, a publicity company based in Pittsburgh, had its homepage replaced with a black screen with the ISIS logo and “Hacked by Islamic State 2015. We are everywhere :)”

“It was a server attack, they got in through our host from what we are told,” says Phil Laboon, creator of Eyeflow, a publicity company based in Pittsburgh. “It’s incredible really. I mean, what are the odds that out of all the millions of websites, ours gets hacked by ISIS? I’m more likely to win the lottery. The FBI is coming in to talk to us now.”

A few minutes after the interview the Eyeflow site, which had been up and running during the interview, defaulted to a maintenance screen.

Other organizations were similarly hacked: Southwest Montana Community Federal Union, Eldora Speedway in Rossburg, Ohio, owned by NASCAR star Tony Stewart, a church in Canada and a Goodwill center in St. Louis, Moerlein Lager House and Montgomery Inn in Cleveland, The historic Montauk Manor, a condominium complex on New York's Long Island,  Sequoia Park Zoo in Eureka, California,  Backbar, a bar in Somerville, Massachusetts,  Third Street Brewhouse in St. Cloud, Minnesota and North Douglas Pentecostal Church in Saanich, British Columbia,” according to published reports.

One analyst has likened these hacks to those made of the Twitter account for US Central Command back in January and to a cartoon by the popular webcomic xkcd, which summed up the Chicken Little-style response to an event that was found to be more window dressing than broken windows.

“This is the same, dumb, CENTCOM Twitter feed hack story. This is not ISIS,” says Bruce Schneier, Chief Technology Officer of Resilient Systems, a fellow at Harvard's Berkman Center and a board member of the Electronic Frontier Foundation. “I call this kids playing politics. It happens all the time. This is someone using the mantle of ISIS and not a nation-state attacking U.S. websites.”

Mr. Schneier says, “These are not people with graduate degrees. They’re out there at their computers pushing buttons, looking for vulnerabilities. They could be anywhere in the world. The bottom line is the headline on this one is ‘Car crash. Nobody injured,’ because to people in internet security there is nothing new here.”

While Mr. Laboon says he thought at first the attack was random he now feels “targeted.”

“At first we hoped it would be, like, hundreds or thousands of websites were targeted but then we looked online and found it was only a handful,” Laboon says. “So then we began thinking about why they targeted us? We had a huge fundraiser we called LemonAID that made international headlines. Maybe ISIS re4ad the articles and decided I was a bigger political figure than I am. I don’t know.”

Lemon-AID raised funds for the Pittsburgh-based nonprofit organization, Surgicorps to supply medical missions to help children in developing countries.

Schneier remains skeptical, likening conclusions drawn from these cyber attacks to the way sportscasters explain a player’s sudden run of good plays or a team’s good or bad luck.

“In sports they’re always talking about ‘streaks’ and ‘hot hands’ which are really just a way of inventing a narrative for something completely random taking place,” Schneier says. “Anonymous would do this, hack into a site at random and then back-fill in a narrative to build reputation and cool points. Sure, there could be a person with a political agenda doing this, but the selection of the sites is most likely random. Sometimes things just happen."

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Are ISIS hackers really targeting small businesses?
Read this article in
https://www.csmonitor.com/Technology/2015/0309/Are-ISIS-hackers-really-targeting-small-businesses
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe