FBI: ISIS using WordPress glitch to deface websites

Hackers claiming affiliation with the Islamic State of Iraq and Syria (ISIS) are using security problems in WordPress to deface sites around the Web, the Federal Bureau of Investigation (FBI) warned Tuesday.

The attacks affected the websites of “news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments and a variety of other domestic and international Web sites,” the bureau noted in a public service announcement. No specific sites were named.

{mosads}“Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems,” the alert stated.

ISIS sympathizers are particularly active online, mounting cyber attacks, recruiting new followers and even working to create a social network that would allow the group’s members to communicate without disruption.

Social networks such as Twitter are working to take down ISIS accounts. Hackers affiliated with Anonymous, the online anarchist collective, have assisted in the effort by posting lists of ISIS-affiliated accounts, emails and Web addresses.

The WordPress vulnerabilities exist primarily in content management systems that are not fully up-to-date. Software patches are available for most of the weaknesses apparently exploited by the hackers, the FBI said.