Website defacement is a subset of network intrusion. It is the act of intruding into a server and changing without permission all the aspects of a website which the public can see. It is similar to the act of graffiti on public property where teenagers ruin public walls in an effort to express their thoughts out publicly. Website defacement is the digital version of graffiti and instead of being carried out by outgoing, rebellious teenagers it is carried out by nerdy, smart and technically capable hackers who have an intention of spreading their ideas to people or just want to have a source of creative output.
Above is a dummy screenshot of how a defaced website looks like, after it has been defaced. This is not a screenshot from a true defaced website, but nevertheless reflects what website defacement generally means.
Basically, the current contents of a website will be taken down and replaced with a personal message from the hacker. Most website defacements are like this. They have only two motives,
- To disrupt the website and its services and also to send out a message in the form of an online graffiti. Most acts of website defacement involve nothing more than just a simple message without any decorations whatsoever other than the background color and the colors and fonts of the text.
- Discrediting reputable websites so that they cound be discredited if obscene or misleading messages are put up on it. Commercial enterprises could lose investments if potential customers or clients got a bad impression.
Website defacement is a subset of network intrusion. There is no other way to deface a website than to intrude the network in which it resides and find the files which it is made of. Once the files are found, the hacker renames them, replaces them or deletes them as he chooses. In any case, he will then upload his own content to the server hosting the site so that any users trying to access that address will see his content instead of what they are supposed to see. Due to the way some Operating Systems are designed, the hacker will most probably get away scot-free as the identity of the most powerful user is usually not logged.
Website defacements are relatively quite rare, and when it occurs, it usually has something to do with the company involved hurting the feelings of a group of people. If done on a small site, it does not cause much damage. However, if it is done on a highly commercial site, the company involved may lose millions. Granted the website is regularly maintained, website defacement really isn’t much of a threat.
Reference
Prevent Web Site Defacement
http://www.bsa.org/uk/
Analysis of Defacement of Indian Web Sites
http://www.fast.org.uk
etest associates - Website Defacement and Security Testing
http://www.etest-associates.com/pressroom/pr_website_defacement_artcl.htm