Industry News

UK government website hijacked by Islamist hackers

Want to know what air pollution is like in the UK today?

There’s a website for that: uk-air.defra.gov.uk, run by the British Government’s Department of Environment, Food & Rural Affairs (DEFRA).

Unfortunately it’s not going to be able to help you today.

That’s because a group of hackers attacked the site earlier today, and replaced its usual rather dour forecasts for air pollution over the British Isles with a message denouncing Britain’s involvement in the Iraq invasion of 2003 and an portrait of executed former leader Saddam Hussein.

ukair-hacked

Moroccan Islamic Union-Mail

It’s time to remind the British government what you did with Saddam Hussein will not forget

And we are ready to sacrifice with everything, as not to give up iraq, and stay alert for the coming…

Whether the hack was a result of a vulnerability in its web server, a failure to keep up to date patches, weak password policies or a flaw in its configuration is unclear. Hopefully a thorough investigation will take place, identifying where the weaknesses lay, and ensuring that when the site does eventually come back online it won’t be quickly compromised again.

The UK-Air website appears to be run on DEFRA’s behalf by an outside organisation, energy & environmental consultancy Ricardo-AEA. Clearly they have some explaining to do, as it seems somebody has been doing a poor job of looking after the site’s security.

It certainly appears that one problem was the apparent failure for the site’s own staff to identify that it had been hacked.

It appears the site’s administrators were slow to notice there was a problem – first being alerted that anything was wrong by Jim McQuaid, an atmospheric scientist at the University of Leeds, who tweeted an early-morning heads-up to the UK government.

Consequently, the site went offline (albeit with a broken link to the DEFRA logo):

uk-air

It does appear that attempts are being made to bring the UK-Air website back online for those addicted to their daily air pollution, as confirmed in a tweet over eight hours after the hack came to light.

defra-tweet

It’s all very easy to have a chortle over a hack like this.

After all, does a hack against a website offering air pollution forecasts really matter that much? Do hackers claiming to work under the banner of Moroccan Islamic Union-Mail really feel that the UK government is quaking in its boots about a fairly irrelevant website being defaced over 12 years since Saddam Hussein was toppled from power in Iraq? It’s hardly a high profile hack, is it?

But the concern, of course, is that things could have been much worse. If hackers were able to deface the UK-Air website with their electronic graffiti they could just have easily invisibly planted a malicious code or perhaps subtly corrupted information, without anyone noticing for months.

And if DEFRA’s UK-Air website was apparently vulnerable, that makes you wonder how many other .gov.uk websites (there are more than 3500 sites using that domain) might be poorly maintained or have been out sourced to companies who are doing a poor job of securing them?

It probably won’t take much to get the UK-Air website back online and operational again. But what will remain is uncertainty about what other websites may be insecure, and could be posing a far greater risk.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

1 Comment

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • That reminds me of a well known anti virus company which had its website hacked by palestinians complaining about Israeli occupation of its land sometime last year. Which didn’t give me any confidence in the company so I didn’t renew my subscription.