Incident: Charity Website Hacked by Pro-Isis Group in Algeria

Published Date: 2015-01-29

Postmortem Analysis
Timeline 1. The software failure incident, where the Women’s Resource Centre's website was hacked by a pro-Isis group, happened on the night of Wednesday 21 January [32706]. Therefore, the incident occurred in January 2015.
System 1. Website hosting system 2. Lack of cyber security measures 3. Third-party hosting systems or cloud providers 4. Password management system
Responsible Organization 1. Pro-Isis group claiming to be operating in Algeria, identified as Team System DZ [32706].
Impacted Organization 1. The Women’s Resource Centre, a London-based charity [32706]
Software Causes 1. The software cause of the failure incident was a hacking attack by a pro-Isis group on the Women's Resource Centre's website, resulting in the replacement of the homepage with pro-Isis messages and a promotional video [32706].
Non-software Causes 1. Lack of funding and limited resources for cyber security measures [32706] 2. Austerity and funding cuts affecting the organization's ability to invest in cyber security [32706]
Impacts 1. The hacked website homepage of the Women's Resource Centre was replaced with pro-Isis messages and a promotional video, causing distressing scenes for visitors [32706]. 2. The charity received hundreds of phone calls from concerned members of the public, member organizations, and service users following the hack [32706]. 3. The Women's Resource Centre had to replace the hacked homepage with a maintenance message, but the hacked version was still visible on some areas of the site [32706]. 4. The charity faced difficulties in fixing the problem due to limited resources and lack of in-house technical experts [32706]. 5. The incident highlighted the vulnerability of charities in cyberspace and the importance of basic cyber hygiene practices such as changing passwords regularly and checking security controls of third-party hosting systems [32706].
Preventions 1. Regularly changing passwords and implementing strong password policies could have potentially prevented the hack on the Women's Resource Centre website [32706]. 2. Conducting regular security audits and checks on third-party hosting systems or cloud providers to ensure robust security controls could have helped prevent the incident [32706]. 3. Providing cybersecurity training and awareness to staff members to enhance their understanding of potential threats and how to mitigate them could have been beneficial in preventing the hack [32706].
Fixes 1. Changing passwords on a regular basis and checking the security controls of third-party hosting systems or cloud providers can help prevent such incidents [32706].
References 1. The Women's Resource Centre, specifically the chief executive Vivienne Hayes and head of communications Natalie Gyte [Article 32706] 2. Amar Singh, founder of Give01Day [Article 32706]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) The software failure incident having happened again at one_organization: - The hackers who identified themselves as Team System DZ also hacked the website of the Rugby League team the Keighley Cougars in November 2014 [32706]. (b) The software failure incident having happened again at multiple_organization: - There is no specific mention in the provided article about a similar incident happening at multiple organizations.
Phase (Design/Operation) design, operation (a) The software failure incident in Article 32706 was primarily due to a design-related issue. The website of the Women’s Resource Centre was hacked by a pro-Isis group, indicating a security vulnerability in the design of the website that allowed unauthorized access and defacement. The charity mentioned that they did not have extra precautions in place to protect against hacking, indicating a lack of security measures in the design phase of their website [32706]. (b) Additionally, the software failure incident in Article 32706 also highlights operational factors contributing to the failure. The charity mentioned that they did not have in-house technical experts to handle the situation, and their hosting company was trying to access backups of the site. This operational challenge of not having the necessary expertise or resources to address the hack impacted their ability to quickly resolve the issue [32706].
Boundary (Internal/External) within_system (a) within_system: The software failure incident, in this case, the hacking of the Women's Resource Centre website, can be categorized as within_system. The article mentions that the charity did not have any extra precautions in place to protect them from hacking, indicating a lack of internal cybersecurity measures [32706]. Additionally, the article highlights the importance of changing passwords regularly and checking security controls of third-party hosting systems, which are internal actions that organizations can take to enhance their cybersecurity [32706].
Nature (Human/Non-human) non-human_actions (a) The software failure incident in Article 32706 was due to non-human_actions, specifically a hack by a pro-Isis group known as Team System DZ. The Women’s Resource Centre's website was hacked, and their homepage was replaced with pro-Isis messages and a promotional video [32706]. The charity's head of communications mentioned that they did not have extra precautions in place to protect against hacking, indicating that the failure was not directly caused by human actions within the organization [32706].
Dimension (Hardware/Software) software (a) The software failure incident reported in the article was not attributed to hardware issues. Instead, it was a case of the website being hacked by a pro-Isis group, indicating a software-related failure [32706].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident in Article 32706 was malicious in nature. The Women’s Resource Centre's website was hacked by a pro-Isis group claiming to be operating in Algeria. The homepage was replaced with messages supporting Isis and Jihad, along with a promotional video containing distressing scenes. The hack was intentional and aimed at causing harm to the charity's online presence [32706].
Intent (Poor/Accidental Decisions) poor_decisions (a) The software failure incident involving the hacking of the Women's Resource Centre website by a pro-Isis group can be attributed to poor decisions made regarding cybersecurity measures. The article mentions that the charity did not have any extra precautions in place to protect against hacking, and they only had a normal hosting package without any in-house technical experts [32706]. Additionally, Amar Singh, the founder of Give01Day, highlighted that most attacks on charities stem from the lack of basic cyber hygiene, often due to the lack of funding and skilled resources available to implement proper security controls [32706]. These factors indicate that the software failure incident was a result of poor decisions made in terms of cybersecurity preparedness.
Capability (Incompetence/Accidental) unknown (a) The software failure incident in Article 32706 was not due to development incompetence. The incident was a result of the website being hacked by a pro-Isis group, indicating a deliberate and malicious act rather than a failure caused by lack of professional competence [32706]. (b) The software failure incident in Article 32706 was accidental. The charity's website was hacked by a pro-Isis group, indicating that the incident was not accidental but a deliberate act of cyber attack [32706].
Duration temporary (a) The software failure incident in this case is temporary. The Women's Resource Centre's website was hacked by a pro-Isis group, leading to their homepage being replaced with pro-Isis messages and a promotional video. The charity is actively working to fix the problem and has replaced the hacked homepage with a maintenance message. The hacked version is still visible on some areas of the site, indicating that the failure is temporary and ongoing efforts are being made to resolve it [32706].
Behaviour other (a) crash: The software failure incident in Article 32706 does not involve a crash where the system loses state and does not perform any of its intended functions. The incident described involves a hack where the website homepage was replaced by a pro-Isis message, indicating a deliberate intrusion rather than a system crash [32706]. (b) omission: The software failure incident in Article 32706 does not involve an omission where the system omits to perform its intended functions at an instance(s). The incident described involves a hack where the website homepage was replaced by a pro-Isis message, indicating a deliberate intrusion rather than a failure to perform intended functions [32706]. (c) timing: The software failure incident in Article 32706 does not involve a timing issue where the system performs its intended functions correctly but too late or too early. The incident described involves a hack where the website homepage was replaced by a pro-Isis message, indicating a deliberate intrusion rather than a timing-related failure [32706]. (d) value: The software failure incident in Article 32706 does not involve a value issue where the system performs its intended functions incorrectly. The incident described involves a hack where the website homepage was replaced by a pro-Isis message, indicating a deliberate intrusion rather than a failure to perform functions incorrectly [32706]. (e) byzantine: The software failure incident in Article 32706 does not involve a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. The incident described involves a hack where the website homepage was replaced by a pro-Isis message, indicating a deliberate intrusion rather than erratic behavior [32706]. (f) other: The software failure incident in Article 32706 involves a hack where the website homepage was replaced by a pro-Isis message. This behavior falls under the category of unauthorized access and defacement, which is a common type of security breach rather than a system failure in terms of software functionality [32706].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence harm (a) death: People lost their lives due to the software failure (b) harm: People were physically harmed due to the software failure (c) basic: People's access to food or shelter was impacted because of the software failure (d) property: People's material goods, money, or data was impacted due to the software failure (e) delay: People had to postpone an activity due to the software failure (f) non-human: Non-human entities were impacted due to the software failure (g) no_consequence: There were no real observed consequences of the software failure (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? The consequence of the software failure incident reported in the article is primarily related to the harm caused by the hack. The Women's Resource Centre's website was hacked by a pro-Isis group, leading to distressing content being displayed on the homepage. While there is no direct mention of physical harm or loss of life, the incident caused significant distress to the charity, its members, and service users [32706].
Domain information (a) The failed system was related to the information industry as it involved the hacking of a London-based charity's website, the Women's Resource Centre, which is an umbrella body for women's charities in the UK [32706].

Sources

Back to List