“Hacked by CTzEN”

“Hacked by CTzEN”

Recently, between the 24th of October and the 26th, my website was hacked for the first time (that I know of—according to Katalyst Creative there are only “those that have been hacked and those that don’t know they’ve been hacked”).

This was done by someone who calls themselves CTzEn, and afterwards my website looked like this:

I thought I would write something about the experience, as it would seem no-one else has. A quick internet search (through Tor—other browsers, it seems, would not) revealed a few of the websites they have hacked, and which haven’t had their databases cleaned cleaned properly afterwards.

Among these was What Revit Wants, which is a blog also hosted in Iceland, and DJ Headlines. There were also many other websites of less reputable content, and for those reasons I will not list them.

An interesting site which at the time of writing (2017/10/26) still remains hacked is Metro Hungry, with their metadata listing “HACKED BY HCD28 !!! Sector Cyber Team–Thanks To All Team Defacer Indonesia–“”””” Greetz To: || HCD28 || CTzEn || MAGIG_404 || MFY …”. So, though they speak English they may be Indonesian and, unless the name is commonly used, CTzEn has teamed with these other hackers in the past.

My estimate is that hey haven’t been hacking for very long—I would say between 1-5 years. I would also guess them to be young, between 12-21, due to a post I found on PasteBin (I’ve shared the screen-capture below, which has been edited it so the guest title and relevant line of script both appear in the same image).

CTzEn – If you are reading this, it would have been much nicer for me if you had included the above message.

Why do I think they haven’t been hacking for long? Because this post was made roughly a year ago. For someone to become so desensitised in such a short time suggests they hadn’t had the experience necessary to stop caring (those with more experience have less of a learning curve).

As to their age, that is a very rough guess. But their last sentence stands out to me as something I would have written as a teenager.

Now, the experience of being hacked was a very hurtful one for me, personally. It was quite a shock to visit my website—a project I have put a lot of time and effort into—and see that all my articles had been deleted, with my homepage and header changed. Admittedly this is a much friendlier method of hacking than injecting a virus or other malicious software into the script without anyone knowing—but it still hurt (a lot).

I have gone out of my way to host my website in Iceland in support of privacy and freedom of speech, and being made the target of hackers—who are “meant” to stand up for these things—left me feeling confused and wounded. But at this point I was mistaking the word “hackers” with “hacktivism”—and upon close examination my only experience on the subject has been vicariously through modern media, not through real life.

What happened to me, I will say, was a dick move. If you’re teaching yourself, it’s unnecessary to deface and delete someone’s content—especially a lone individual’s—to let them know what’s happened. You can leave them a friendlier message without destroying what people have put a lot of hard work and effort into.

Restoring a database—assuming the person who runs the website is organised enough to keep backups (and the realities of that is not everyone is, and it’s not always a service website hosts provide)—is a very difficult thing to do, and regardless of whether or not the individual lost their work it’s a lot of extra time and effort spent on something that shouldn’t have happened in the first place. Yes, it is an event they should have been able to prevent by insuring their website was secure, or that their computer didn’t have any viruses picking up passwords—but without hackers, there wouldn’t be a need to ensure that security.

From my research, most of the websites that CTzEn hacked were run off WordPress. This is probably because it’s Open Source (one of the many reasons why I support it) and has plenty of wonderful documentation offered by all kinds of people and users, which means anyone can teach themselves from it quickly.

However the downside of this is that—if there are more hackers targeting WordPress because the community is so open in sharing their knowledge— a lot of WordPress users, bloggers, and small businesses trying to run their own websites are going to move back to companies who work with closed licensing instead, simply for the security they offer (and are directly responsible for).

Short of that, a lot of peoples instincts would be to use WordPress security plugins, such as Wordfence. Wordfence actively scans and monitors all of your content (as well as who your end-users are, and what they’re doing) to make sure it’s secure. However, Wordfence is a service run out of the United States of America, and paired with their transparent Privacy Policy it would contradict most of what I host my website in Iceland for in the first place.

For this reason, I have chose not to install their software, and it is a choice I currently stand by. But I will continue looking into independent (European) alternatives.

In the end, I have come to believe that the reason I was hacked was because I hadn’t updated my website’s parent theme. This was because it not only patched script weaknesses, but also altered some of the visual layout, and I needed to migrate my live website to a local database-server hosted by MAMP and fiddle with the PHP to get it looking good again. And, because I’m a very busy person, I had been putting it off when (not knowing the risks), I should have prioritised it.

At the moment the visuals are going to take a while to fix, but the security patch is why I’ve allowed the website to remain live while looking as it is. I’m thinking of re-installing and setting up this site again on a fresh database (not just this clean backup), as it would allow me to improve its security with all I have learned. There’s so many resources I didn’t consider as a beginner, because at that point it was a big enough deal to get the website up and running, as well as looking good.

Now I need to increase its functionality.

2 thoughts on ““Hacked by CTzEN”

    1. Hi Luke,

      That’s really interesting. When was your website hacked? I’m curious whether it was recently, and if not, maybe that backs up my idea that CTzEn’s become desensitised over time. It’s nice to hear you didn’t lose as much as I did though 🙂 Who knows, maybe I just rubbed them the wrong way ¯\_(ツ)_/¯

Leave a Reply

Your email address will not be published. Required fields are marked *