The rise of pro-Kosovo web site defacement groups was marked in April, 2008, with a massive web site defacement spreading pro-Kosovo propaganda. The ongoing monitoring of pro-Kosovo hacking groups indicates an ongoing cyberwar between pro-Serbian supporting hacktivists successfully defacing Albanian sites, and building up capabilities by releasing a list of vulnerable Albanian sites (remote SQL injections for remote file inclusion, defacements or installing web shells/backdoors) to assist supports into importing the list within their do-it-yourself web site defacement tools.
According to Serbian hacking groups, independent Albanian web site defacers initially started attacking their sites later on joined by Kosovo Hacking group. In response, Serbian hacking groups have started distributing a segmented list of remotely exploitable Albanian sites and encouraging others to join the initiative and attempt to deface the sites. For the time being, Partia Demokracia Sociale (Social Democracy Party of Albania), AlbInvest (The First Investment Forum Albania-United Kingdom), and Tirana Bank are among the high-profile sites that have been defaced next to many others.
This incident greatly represents the capability building process and the degree of information sharing between Serbian groups empowering everyone with an already verified hit list of vulnerable Albanian sites.
Both groups are currently in a ceasefire phrase, trying to figure out who provoked who, by requesting group members to participate in the ongoing discussing. However, the possibility to engineer hacktivism tensions remains just as realistic, as engineering cyber warfare tensions is, by making it look like that the source of the attack is coming from a party what would be attacked based on the lack of evidence verification - in this minor cyber conflict the groups are in fact talking with each other. Moreover, in the long-term, web site defacement groups realizing the market value of their know-how, will inevitably start contributing with spammers, phishers and malware authors in a much broader sense than the current degree of collaboration - selling acccess to compromised web servers only.