Are ISIS hackers really targeting small businesses?
The business week has begun in the US with a seemingly unrelated string of hacks on small business websites, with the only connecting thread being that all were claimed by someone using the ISIS logo to either make a political statement or points with fellow hackers.
The website for Eyeflow, a publicity company based in Pittsburgh,聽had its homepage replaced with a black screen with the ISIS logo and 鈥淗acked by Islamic State 2015. We are everywhere :)鈥
鈥淚t was a server attack, they got in through our host from what we are told,鈥 says Phil Laboon, creator of Eyeflow, a publicity company based in Pittsburgh. 鈥淚t鈥檚 incredible really. I mean, what are the odds that out of all the millions of websites, ours gets hacked by ISIS? I鈥檓 more likely to win the lottery. The FBI is coming in to talk to us now.鈥
A few minutes after the interview the Eyeflow site, which had been up and running during the interview, defaulted to a maintenance screen.
Other organizations were similarly hacked: Southwest Montana Community Federal Union, Eldora Speedway in Rossburg, Ohio, owned by NASCAR star Tony Stewart, a church in Canada and a Goodwill center in St. Louis, Moerlein Lager House and Montgomery Inn in Cleveland, The historic Montauk Manor, a condominium complex on New York's Long Island,聽聽聽in Eureka, California,聽聽, a bar in Somerville, Massachusetts,聽聽聽in St. Cloud, Minnesota and North Douglas Pentecostal Church in Saanich, British Columbia,鈥 according to聽.
One analyst has likened these hacks to those made of the Twitter account for US Central Command back in January and to a cartoon by the popular webcomic聽,聽which summed up the Chicken Little-style response to an event that was found to be more window dressing than broken windows.
鈥淭his is the same, dumb, CENTCOM Twitter feed hack story. This is not ISIS,鈥 says聽, Chief Technology Officer of聽, a fellow at Harvard's聽聽and a board member of the聽. 鈥淚 call this kids playing politics. It happens all the time. This is someone using the mantle of ISIS and not a nation-state attacking U.S. websites.鈥
Mr. Schneier says, 鈥淭hese are not people with graduate degrees. They鈥檙e out there at their computers pushing buttons, looking for vulnerabilities. They could be anywhere in the world. The bottom line is the headline on this one is 鈥楥ar crash. Nobody injured,鈥 because to people in internet security there is nothing new here.鈥
While Mr. Laboon says he thought at first the attack was random he now feels 鈥渢argeted.鈥
鈥淎t first we hoped it would be, like, hundreds or thousands of websites were targeted but then we looked online and found it was only a handful,鈥 Laboon says. 鈥淪o then we began thinking about why they targeted us? We had a huge fundraiser we called聽聽that made international headlines. Maybe ISIS re4ad the articles and decided I was a bigger political figure than I am. I don鈥檛 know.鈥
Lemon-AID raised funds for the Pittsburgh-based nonprofit organization, Surgicorps to supply medical missions to help children in developing countries.
Schneier remains skeptical, likening conclusions drawn from these cyber attacks to the way sportscasters explain a player鈥檚 sudden run of good plays or a team鈥檚 good or bad luck.
鈥淚n sports they鈥檙e always talking about 鈥榮treaks鈥 and 鈥榟ot hands鈥 which are really just a way of inventing a narrative for something completely random taking place,鈥 Schneier says. 鈥淎nonymous would do this, hack into a site at random and then back-fill in a narrative to build reputation and cool points. Sure, there could be a person with a political agenda doing this, but the selection of the sites is most likely random. Sometimes things just happen."
