Rishi Kapoor, a Social influencer, popularly known as ‘Lee’s Planet’ on Youtube. With few millions subscribers on his ‘Toys review channel’, his position was on an upward trend on the global Youtube influencer list. His popularity made the monies from Youtube look nominal infront of the endorsement and promotion revenues, this was the point when he decided to host parallel content on his own Website, this decision was supported by his sponsors as much more could be achieved once the consumer of the content is a self-controlled platform. Rishi’s business plan included ecommerce of product that he would endorse exclusively. This was an idea that one of his friend in the VC circle backed and the term sheet was signed, this was a big move in Rishi’s career and his first big start-up move.
With the launch date approaching close, Rishi announced the mega plan of his Website via a video post. The response by his fan was encouraging. While most comments were congratulatory in nature but some were typical trolls, for whom the only motive in life to spread negativity. Swadesh was one such follower, who had no strong reason to oppose or defame Rishi except for exchange of few heated debates over the internet. Maybe he was also a past user who made some bad purchase decisions and blamed Rishi for influencing him into doing so or a agency sponsored by his competitor.
Swadesh, always wanted to hurt him hard, but given the anonymity of internet had very limited resource to give some noticeable injury. Youtube as a platform operated by Google, was like a impenetrable fort and being a Grey Hat hacker, he was aware that trying to attack the channel shall reap no luck. The website launch news was an opportunity that Swadesh was waiting for some while now. While Rishi was posting teasers of his upcoming website, Swadesh was busy with random phishing attacks to plant a malware on Rishi’s computer. He used a very common technique by impersonating fan messages and one such congratulations greeting card link did the job for him. As soon as the malware was installed on Rishi’s computer it gave a backdoor entry of all files and folders to Swadesh. He constantly monitored the working on the files and links, by now he had access to confidential information such as user id and password of most applications including the file transfer application used by Rishi to upload files to his webserver.
On the launch day, the files on the webserver were replaced by some sexually explicit images and videos. The defamatory content written on the website had mentions of some other big celebrities too. This added fuel to fire, visitors to the website took on the internet to objectify the action of ‘Lee’s Planet’ following their disappointment in the popular toy reviewing channel. Media was not late catching up on this news and further added to the damage. The result was mercury drop of followers, Rishi lost around 78% of the base in the first 48 hours, in addition to the loss of reputation and loss of face.
Most individuals spend on designing and setting up their website, then spend on digital marketing and advertisement but fail to protect the basic infrastructure of their setup. This is the same as you construct a grand Vila, but don’t fence the area surrounding it . A check on the security aspects of a Website are often neglected. It is important to pay attention to basic security hygiene as you build your brand. Competitors, Unhappy fans, Trolls etc are known to have damaged brands beyond just negative commenting or sharing. There are professional companies engaged in the activity to provide such services to whoever wishes to avail them.
The incidence occurred above with Rishi, is a cyber crime known as ‘WebDefacing’. The idea here is to deface someone or a business. It is achieved via hacking into the web server and replacing the original files with the ones that are build to defame the person or business. Such hacks may destroy or disrupt site content, which means that you need to have a cool and clear head while restoring. Beyond backups, there are other common web maintenance tasks which should be done on the server such as performing regular updates on OS level, applying the correct security patches, vulnerability assessment and penetration testing.
Here are some mitigation tips :
- Having Security audits and penetration tests: Get a vulnerability assessment and penetration testing done for your Webserver and Application.
- Use of defacement monitoring and detection tools: Use security software which will detect and monitor fraud links and vulnerability.
- Keep a backup: Always keep a backup or copy of all the files and folders..
- Have a 360 Internet Protection suit instead of plain vanilla Anti Virus.
- Be careful when clicking directly on links in emails, even if the sender appears to be known; attempt to verify web addresses independently
- Avoid clicking on hyperlinks within email communications. Type the URL into the web browser instead.
- Be aware and diligent to social engineering attacks or phishing attacks. Don’t click or download anything which is not scanned by the ATP.
- Always keep browsers such as Chrome, Safari, Mozilla etc updated with the latest security patches.
- Exercise caution when opening email attachments. Be particularly wary of compressed or ZIP file attachments. Always scan for malware before unzipping a folder or file.
- You must turn on multifactor authentication across your organisation, across all accounts. This is now considered the absolute minimum you can do to ensure security online.
- Immediately report any suspicious emails to your information technology (IT) helpdesk, security office, or email provider.
- Immediately report it to the Police authorities.
Reference: