Pro-Serbian hacktivists attacking Albanian web sites

Summary:The rise of pro-Kosovo web site defacement groups was marked in April, 2008, with a massive web site defacement spreading pro-Kosovo propaganda.

The rise of pro-Kosovo web site defacement groups was marked in April, 2008, with a massive web site defacement spreading pro-Kosovo propaganda. The ongoing monitoring of pro-Kosovo hacking groups indicates an ongoing cyberwar between pro-Serbian supporting hacktivists successfully defacing Albanian sites, and building up capabilities by releasing a list of vulnerable Albanian sites (remote SQL injections for remote file inclusion, defacements or installing web shells/backdoors) to assist supports into importing the list within their do-it-yourself web site defacement tools.

Pro-Serbian hacktivists attacking albanian web sites

According to Serbian hacking groups, independent Albanian web site defacers initially started attacking their sites later on joined by Kosovo Hacking group. In response, Serbian hacking groups have started distributing a segmented list of remotely exploitable Albanian sites and encouraging others to join the initiative and attempt to deface the sites. For the time being, Partia Demokracia Sociale (Social Democracy Party of Albania), AlbInvest (The First Investment Forum Albania-United Kingdom), and Tirana Bank are among the high-profile sites that have been defaced next to many others.

Pro-Serbian hacktivists attacking albanian web sites

This incident greatly represents the capability building process and the degree of information sharing between Serbian groups empowering everyone with an already verified hit list of vulnerable Albanian sites.

Pro-Serbian hacktivists attacking albanian web sites

Both groups are currently in a ceasefire phrase, trying to figure out who provoked who, by requesting group members to participate in the ongoing discussing. However, the possibility to engineer hacktivism tensions remains just as realistic, as engineering cyber warfare tensions is, by making it look like that the source of the attack is coming from a party what would be attacked based on the lack of evidence verification - in this minor cyber conflict the groups are in fact talking with each other. Moreover, in the long-term, web site defacement groups realizing the market value of their know-how, will inevitably start contributing with spammers, phishers and malware authors in a much broader sense than the current degree of collaboration - selling acccess to compromised web servers only.

Topics: Security, Servers


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.