Hackers took control of USF St. Petersburg’s website for a few minutes on Friday.
Just before 2 p.m., usfsp.edu was hacked by a group, which identified itself as “Indonesian Cyber Freedom Hackers,” or INCEF.
The content of the website was replaced by INCEF’s banner, which lists the screennames of INCEF’s members, including the hacker, who identifies as Achan Dot ID.
The banner, accompanied by music, included the message: “Anything is possible. Anything can happen as long as we believe.”
Within minutes, administrators disabled the site. By 2:15 p.m., the site was fully operational again.
Later in the evening, the site seemed to experience issues loading, but by Saturday it was running again.
No one from the university was available to speak Friday afternoon, but The Crow’s Nest spoke to Vincent Lynch, a technical support member at the SSL Store, headquartered in downtown St. Petersburg. The SSL Store sells SSL security certificates to well-known companies throughout the world, protecting their websites from potential hacks. SSL Store customers include Microsoft, NASA and IBM.
“It doesn’t look like there’s any reason to believe they targeted the site specifically,” said Lynch.
Lynch said the hackers likely ran scripts to search for vulnerabilities on the web. When they found vulnerabilities, they used a method called injection to trick the site into running code of their own.
He compared the hackers to thieves wandering through a parking lot. The thieves will check every car door until they find one that is unlocked.
Content management systems, which include WordPress, the system that Lynch said USFSP is using, tend to have vulnerabilities. That’s why it’s important to stay current with site updates, Lynch said.
USFSP uses WordPress version 3.9, which was updated in April 2014 to WordPress version 4.0. Lynch said the version USF is using isn’t too old, but may account for the hack.
The Crow’s Nest made several attempts to reach Jessica Blais and Patrick Baxter of USFSP University Advancement, but they didn’t respond to calls or emails and were not in their office Friday afternoon.
USFSP is not the only website to experience hacks recently. On Jan. 12, the Islamic State of Iraq and Syria hacked the Twitter account of U.S. military’s Central Command, the group heading the military campaign against ISIS. ISIS posted threatening messages on the page, which normally displays messages of the U.S.’s progress against ISIS.
On Nov. 22, a group called Guardians of Peace hacked Sony Pictures. The group threatened to attack any theater that ran Sony’s controversial movie “The Interview,” causing Sony to pull the film from most theaters.
Since the attack on French satirical newspaper Charlie Hebdo on Jan. 7, a group called “Anonymous” has hacked French websites with pro-Islamic messages. About 19,000 sites have been affected, according to Admiral Arnaud Coustillière, France’s head of cyber security.
Information in this report was gathered from the Washington Post, the Associated Press and BBC News.