Last month, an Algerian-linked hacking group defaced the website of Aberdeen City Council. At the time the motive was unclear, however later claimed it was in response to President Donald Trump's controversial ban on immigration from predominantly Muslim countries.
A new report to local councilers has shown that the breach cost more than £10,000 to remediate. The report details a “vulnerability assessment of the website” carried out by an external company at the cost of £5,550, while having to pay council staff for 170 hours extra to deal with the breach, at the cost of £4,540.
On 28 January between the hours of 19:20 to 22:00, the group going by the name of Team System DZ posted a cryptic single black page, which took over the entire website and showed the silhouette of a man in a cowboy hat above the message “security stupidity” alongside other Team System DZ branding.
Once the issue was resolved the local authority said: “The website is back online and we would like to assure residents that no personal data is held on the Aberdeen City Council website.” It added that there will be a full investigation into how the incident happened.
The report reads: “After initial investigation it is believed that the incident occurred due to a vulnerability found on the file upload facility on the ‘What's On' page of the externally hosted internet website. It was also discovered that the hacking group were actively searching for UK Government websites with upload facilities at that time. This upload function has now been disabled. There is no evidence that any data was breached or that the council's main network was compromised.”
SNP group leader said the breach was a “wake-up call” to the authority of the threats that exist online. He said: “This obviously highlights the potential risks that exist in this digital era.
The council needs to be able to think clearly about the threats that we face and that's why online security is especially important.”
Finance convener Willie Young added: “From our point of view this shows that our systems are pretty strong in that the hackers didn't manage to get to any personal information.”
A police probe was launched at the end of last month into the hacking. An update on the investigation is expected from the force today.
Ilia Kolochenko, CEO of web security company High-Tech Bridge comments: “Such incidents are probably the less risky ones: attackers don't really intend to cause significant harm, but rather to express their social or political position. However, the fact that even hacktivists, who are usually much less skilled than professional Black Hats, were able to easily compromise the website, is very alarming.”