Are ISIS hackers really targeting small businesses?

A number of unrelated small businesses and other organizations in North America have had their websites hacked to display ISIS slogans and images. Do the perpetrators actually pose a threat? 

March 9, 2015

The business week has begun in the US with a seemingly unrelated string of hacks on small business websites, with the only connecting thread being that all were claimed by someone using the ISIS logo to either make a political statement or points with fellow hackers.

The website for Eyeflow, a publicity company based in Pittsburgh, had its homepage replaced with a black screen with the ISIS logo and “Hacked by Islamic State 2015. We are everywhere :)”

“It was a server attack, they got in through our host from what we are told,” says Phil Laboon, creator of Eyeflow, a publicity company based in Pittsburgh. “It’s incredible really. I mean, what are the odds that out of all the millions of websites, ours gets hacked by ISIS? I’m more likely to win the lottery. The FBI is coming in to talk to us now.”

Ukraine’s Pokrovsk was about to fall to Russia 2 months ago. It’s hanging on.

A few minutes after the interview the Eyeflow site, which had been up and running during the interview, defaulted to a maintenance screen.

Other organizations were similarly hacked: Southwest Montana Community Federal Union, Eldora Speedway in Rossburg, Ohio, owned by NASCAR star Tony Stewart, a church in Canada and a Goodwill center in St. Louis, Moerlein Lager House and Montgomery Inn in Cleveland, The historic Montauk Manor, a condominium complex on New York's Long Island,  Sequoia Park Zoo in Eureka, California,  Backbar, a bar in Somerville, Massachusetts,  Third Street Brewhouse in St. Cloud, Minnesota and North Douglas Pentecostal Church in Saanich, British Columbia,” according to published reports.

One analyst has likened these hacks to those made of the Twitter account for US Central Command back in January and to a cartoon by the popular webcomic xkcd, which summed up the Chicken Little-style response to an event that was found to be more window dressing than broken windows.

“This is the same, dumb, CENTCOM Twitter feed hack story. This is not ISIS,” says Bruce Schneier, Chief Technology Officer of Resilient Systems, a fellow at Harvard's Berkman Center and a board member of the Electronic Frontier Foundation. “I call this kids playing politics. It happens all the time. This is someone using the mantle of ISIS and not a nation-state attacking U.S. websites.”

Mr. Schneier says, “These are not people with graduate degrees. They’re out there at their computers pushing buttons, looking for vulnerabilities. They could be anywhere in the world. The bottom line is the headline on this one is ‘Car crash. Nobody injured,’ because to people in internet security there is nothing new here.”

Howard University hoped to make history. Now it’s ready for a different role.

While Mr. Laboon says he thought at first the attack was random he now feels “targeted.”

“At first we hoped it would be, like, hundreds or thousands of websites were targeted but then we looked online and found it was only a handful,” Laboon says. “So then we began thinking about why they targeted us? We had a huge fundraiser we called LemonAID that made international headlines. Maybe ISIS re4ad the articles and decided I was a bigger political figure than I am. I don’t know.”

Lemon-AID raised funds for the Pittsburgh-based nonprofit organization, Surgicorps to supply medical missions to help children in developing countries.

Schneier remains skeptical, likening conclusions drawn from these cyber attacks to the way sportscasters explain a player’s sudden run of good plays or a team’s good or bad luck.

“In sports they’re always talking about ‘streaks’ and ‘hot hands’ which are really just a way of inventing a narrative for something completely random taking place,” Schneier says. “Anonymous would do this, hack into a site at random and then back-fill in a narrative to build reputation and cool points. Sure, there could be a person with a political agenda doing this, but the selection of the sites is most likely random. Sometimes things just happen."