The Federal Bureau of Investigation (FBI) is warning that individuals sympathetic to the Islamic State of Iraq and al-Shams (ISIS) are mass-defacing Web sites using known vulnerabilities in WordPress. The FBI also issued an alert advising that criminals are hosting fraudulent government Web sites in a bid to collect personal and financial information from unwitting Web searchers.
According to the FBI, ISIS sympathizers are targeting WordPress Web sites and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international sites. The agency said the attackers are mainly exploiting known flaws in WordPress plug-ins for which security updates are already available.
The public service announcement (PSA) coincides with a less public alert that the FBI released to members of InfraGard, a partnership between the FBI and private industry. That alert noted that several extremist hacking groups indicated they would participate in an operation dubbed #OpIsrael, which will target Israeli and Jewish Web sites to coincide with Holocaust Remembrance Day (Apr. 15-16).
“The FBI assesses members of at least two extremist hacking groups are currently recruiting participants for the second anniversary of the operation, which started on 7 April 2013, and coincides with Holocaust Remembrance Day,” the InfraGard alert notes. “These groups, typically located in the Middle East and North Africa, routinely conduct pro-extremist, anti-Israeli, and anti-Western cyber operations.”
Experts say there may be no actual relationship between these defacements and Islamist militants. In any case, if you run a Web site powered by WordPress — or any other content management system (CMS) — please take a few moments today to ensure that the CMS itself is up-to-date with the latest patches, and apply all available fixes for any installed plug-ins.
The FBI also issued an unrelated PSA advising people to be wary of fake government Web sites set up to take advantage of search engine optimization techniques that try to get the sites listed prominently in search results when searching for government services online. The FBI explains the scam thusly:
“Victims use a search engine to search for government services such as obtaining an Employer Identification Number (EIN) or replacement social security card. The fraudulent criminal websites are the first to appear in search results, prompting the victims to click on the fraudulent government services website. The victim completes the required fraudulently posted forms for the government service they need. The victim submits the form online, believing they are providing their PII to government agencies such as the Internal Revenue Service, Social Security Administration, or similar agency based on the service they need.”
“Once the forms are completed and submitted, the fraudulent website usually requires a fee to complete the service requested. The fees typically range from $29 to $199 based on the government service requested. Once the fees are paid the victim is notified they need to send their birth certificate, driver’s license, employee badge, or other personal items to a specified address. The victim is then told to wait a few days to several weeks for processing.”
“By the time the victim realizes it is a scam, they may have had extra charges billed to their credit/debit card, had a third-party designee added to their EIN card, and never received the service(s) or documents requested. Additionally, all of their PII data has been compromised by the criminals running the websites and can be used for any number of illicit purposes. The potential harm gets worse for those who send their birth certificate or other government-issued identification to the perpetrator.”
The FBI advises consumers to use search engines or other websites to research the advertised services or the person/company they plan to deal with. Search the Internet for any negative feedback or reviews on the government services company, their Web site, their e-mail addresses, telephone numbers, or other searchable identifiers. Fly-by-night scam Web sites often have little or no reputation — i.e., they haven’t been online that long. A simple WHOIS Web site registration record search will often reveal scam domains as just recently having been put online.
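The WHOIS age check described above can be scripted. The following is an added example, not code from the FBI alert or from this post: it pulls the creation date out of WHOIS text and flags recently registered domains. The field labels, the 90-day threshold, and the sample record are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Creation-date labels vary by registry; this list is an assumption, not exhaustive.
CREATED_RE = re.compile(
    r"^\s*(?:Creation Date|Created On|created|Registered on)\s*:\s*(.+?)\s*$",
    re.IGNORECASE | re.MULTILINE,
)
# Date layouts tried in order; others would need to be added as encountered.
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d", "%d-%b-%Y")

# Constructed sample record (not a real domain), shaped like typical WHOIS output.
SAMPLE = """\
Domain Name: EXAMPLE-EIN-SERVICES.EXAMPLE
Registrar: Example Registrar, Inc.
Creation Date: 2015-03-20T09:14:02Z
Registry Expiry Date: 2016-03-20T09:14:02Z
"""


def creation_date(whois_text):
    """Return the earliest parseable creation date in a WHOIS record, or None."""
    found = []
    for raw in CREATED_RE.findall(whois_text):
        for fmt in DATE_FORMATS:
            try:
                parsed = datetime.strptime(raw, fmt)
            except ValueError:
                continue
            found.append(parsed.replace(tzinfo=timezone.utc))
            break
    return min(found) if found else None


def is_recent(whois_text, now, max_age_days=90):
    """True if registered less than max_age_days ago; None if no date was found."""
    created = creation_date(whois_text)
    if created is None:
        return None  # unknown age: review by hand rather than assume it is old
    return (now - created).days < max_age_days
```

In practice the text passed in would be the output of a `whois` lookup for the site in question; a `None` result means the record used a label or date layout not covered here.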