If they're causing losses to our commercial systems, they're attacking our economy. They're terrorists. And we either stop them, or we die of a million papercuts.
That's my take on the matter. This so-called "defacement" causes time and money to fix, causing losses of productivity and economic losses. It is an attack. Period.
And if someone is attacking in support of terrorist organizations, I value their life not at all. Doesn't even count as "a human life" to me, any more than some jihadist that a GI nails while they're planting IEDs in Iraq.
No, botnets and zombies (the computer kind) are causing massive losses to our commercial systems. Russian organized crime is at the forefront of 'cybercrime', not Islamic-centric hackers. Talk about focusing on the wrong problem... Defacements of an HTTP server are cause nearly zero damage compared to viruses, worms and malware. You want to complain about 'hard work', try un-Charlie-Foxtroting a network loaded with a decent worm if your bosses refuse to buy you the correct tools. For every one Islamic script kiddie, you have a dozen PROFESSIONAL hackers working for some kind of organized crime outfit running botnets, corporate espionage, and mass spamming.
Where do you think all that spam comes from? Think of how much that spam is costing your company. You have to harden your SMTP server, add in spamassassain or have your mail forwarded through a specialized anti-spam service, deal with bandwidth costs, add in the hidden ISP charges for spam bandwidth, etc etc.
I've heard random news clips of "One in x home Windows PC's is part of at least one botnet." I absolutely believe it. Spyware is even more prevalent.
Some kiddie half a world away ran a script he downloaded from somewhere against your poorly secured server. He puts up a probably pretty stupid HTML file with some pathetic 'political' message you don't like. Now you believe all political hackers should be treated as terrorists, and that we should ignore the real threats in order to focus on a rare occurance. I'd say you should run for Congress, but I think that might be considered a personal insult so I'll leave it unsaid...
And there are places that don't think much about it even AFTER something bad happens. About the 3rd or 4th week in my tenure at my current employer one of our sites gots hacked. Then there was the time the boss brought a virus in on his laptop and it started to spread into the network. Despite that, its still an unbelievable hassle to get things secured.
I need a new job....
My current employer thankfully is decently security minded, for a corporate environment. They didn't have a security specialist, as most small to mid sized businesses do. I never thought I'd say this, but I'm almost thankful for SOX compliance. I've been budgetted some very nice security and DR tools. Guess it's a trade off, PITA and better budgetting.
Seriously, tho. Unless there is a compelling business reason, move your public web server to a hosting company. It's probably cheaper in the long run, as well as more secure. If you need an externally accessable intranet website, put it on your DMZ. Make sure you have a decent AV (I recommend Kaspersky). Have an automated patch system in place, if you have no budget, go with WSUS. I sincerely hope you're using a centralized patch location so that each of your client machines is not soaking up your uplink to the internet. Turn off AutoUpdating. Test patches before deploying. Try to get a spare PC or two for testing, ditto a spare server. Keep a very close eye on your backups and always look for better ways of managing them. Make sure you have a hardware firewall (Cisco PIX's are relatively cheap), that is decently configured.
If you do your job correctly, you can improve security AND performance with a little effort.
