After a newspaper in Denmark published cartoons which Muslim extremists found offensive, they began rioting in the streets, destroying property and even killing people. They’ve also been defacing Danish websites, and now they’ve moved on to defacing U.S. websites. And the frightening part is that website administrators, and large U.S. companies, are not paying nearly enough attention to computer security.
Homeland security business consultant Andrew Cochran reports on the defacing of a Seattle girls’ scooter club website by extremists, (it’s since been restored) and notes: “We are asleep at the wheel. The FBI, Secret Service, CERT and DoD claims and self congratulation to the contrary, the US and the West just doesn’t take cyber-security seriously.”
Indeed. Last week, Cochran noted that large firms are hiring illegal aliens from Russia, India and the Middle East to run their computer security. For example, “Majid al-Massari, arrested in Seattle in August, 2004, was in charge of computer security at the University of Washington’s School of Nursing.” He and his whole family are supporters of Osama bin Laden and al-Qaeda, and he even misappropriated UW resources to spread al-Qaeda materials.
This is utterly stupid. What other companies have this sort of thing going on right under their noses, because they hired suspicious illegal aliens?
For the rest of us, who just run our own websites and want to ensure that nobody defaces them, extremist or otherwise, your Web host has much to do about security, and you should ensure that they pay appropriate attention to it. But you bear some responsibility as well: ensure that you have good passwords which aren’t easily guessed. This is a major method by which websites are compromised, and is entirely within your control. And because it’s so simple, it’s the method of breaking in that black-hats prefer. They’ll try to guess passwords before moving on to more complex methods.