Conditions that prevent recreational hackers from defacing websites do not deter hackers who target sites for political reasons, research from Georgia State University’s Evidence-Based Cybersecurity Research Group (EBCS) has found.

Hackers defaced more than a million websites in 2017. About 30 percent of those defacements are politically motivated, the majority of such hackers appearing to protest social and political injustice and wars.

Using a sample of worldwide websites hacked in 2017, EBCS director David Maimon and his colleagues examined the relationship between a country’s characteristics and the frequency of website defacements reported in Zone-H, a unique online archive in which hackers report their malicious activities. C. Jordan Howell of Georgia State, George W. Burruss of the University of South Florida and Shradha Sahanic of the University of Maryland, College Park, were the study’s co-authors.

Hackers commonly deface websites to protest social and political injustice around the globe, spreading their message to a wider audience. However, recreational hackers are less likely to deface websites in countries with a “capable guardian,” a term researchers use to describe a strong military presence that uses computer emergency response teams as first responders to cyberattacks.

The presence of suitable targets also led to increases in the frequency of website defacements across countries.

“A country’s gross domestic product, commitment to educational attainment and level of freedom are associated with the amount of time spent online and a nation’s internet infrastructure,” Maimon said. “These conditions increase visibility and accessibility, increasing the country’s suitability as a potential target.”

Politically motivated hackers, however, were target-specific and not influenced by a country’s socioeconomic characteristics or internet infrastructure.

“Those hacking for political reasons appear to be driven by their evaluation of a target’s value,” said Howell, the study’s principal investigator. “They were unfazed by the presence of a capable guardian or the other elements a recreational hacker would use to determine suitability.”

“Understanding this connection is important,” Maimon said. “Website defacement, although a relatively simple form of hacking, can have severe consequences for both the hacked websites and the reputation of their owners.”

“In our study, we argued country-level characteristics can be used to predict website defacement victimization,” Howell said. “This week’s defacement of the Federal Depository Library Program’s page, attributed to Iran, is helping prove our assertion to be correct.”