Hackers Direct Users of Scottish Catholic Website to Online Pornography in Series of Cyber Attacks on Church

By Gerry Braiden
Herald Scotland
March 4, 2016

Hackers direct users of Scottish Catholic website to online pornography in series of cyber attacks on church

VISITORS to the web page of Scotland's largest Catholic congregation have been directed to a pornographic site, as it emerges the church has been the victim of a series of cyber attacks.

The Archdiocese of Glasgow said its website had been hacked by a group from Malaysia which had previously targeted HSBC and the Canadian military.

A spokesman for the Archdiocese said the church was now taking additional security precautions to guard against future attacks.

But, according to Scotland's leading Catholic newspaper, a number of other dioceses have also been targeted in recent weeks. Following the January hacking of the Glasgow site the Aberdeen Diocese was attacked.

Later, the St Andrews and Edinburgh Archdiocese’s website was also taken offline following an attack.

Church representatives said they could not say with certainty whether their websites were attacked because of their faith but were concerned three had been targeted in a short space of time.

A spokesman for St Andrews and Edinburgh Archdiocese said: “After carrying out a range of diagnostic tests, it seems pretty certain that our website has been attacked by hackers.

“Our website maintenance company are now working on fitting extra security to the site as swiftly as possible.

“Whether or not we were attacked because we are a Catholic site is not yet known, however it is worrying that at least two other Catholic dioceses in Scotland have also been attacked by hackers in recent weeks.”

According to the Scottish Catholic Observer, Aberdeen Diocese’s website suffered a sustained ‘brute force’ attack over two days. Brute force attacks are a trial and error method of gaining access to a website or to sensitive information.

Fr Tad Turski, who manages the diocese’s online presence, said the site was targeted with a 'botnet', a network of computers infected with malware and used without the owners’ knowledge to attack a site.

He said: “The attack wasn’t successful but it was pretty stressful. I don’t know what that attackers particular goal was but surely it wasn’t nice."

Speaking to the Catholic Observer, Kami Vaniea, a lecturer in cyber security and privacy at Edinburgh University’s School of Informatics, said an attack of this nature on three websites of a single organisation was "not necessarily normal" but said she believed the attack was most likely randomised.

She said: “They are just looking for easy victims. Usually when it’s a targeted attack they will deface the sites and make a political statement. You just have to catch the attention of someone who gets irritated and looks up how to do these things.”

Regarding the Glasgow Archdiocese attack, she added: "Considering the nature of pornography, and the nature of the site, that may have been targeted but I’ve had completely random servers develop that as well.”

Liz Leydon, editor of the Catholic Observer, said: "While Aberdeen and St Andrews and Edinburgh sites were attacked, Glasgow's was hacked and redirected traffic to images of explicit pornography. The Church site had to be taken down. The lesson is to be aware and to be web savvy and secure.

"From what we have gathered, our dioceses are taking the necessary security steps. It would be advisable, however, for parishes and lay groups with a web presence to also be aware and on their guard."

In 2012, the website of the Vatican was twice taken down by the hacker collective Anonymous who posted a statement on their site criticising Church teaching and history.

Late last year almost 157,000 TalkTalk customers had their personal details hacked in a cyber-attack on the telecoms company, including 15,656 whose bank account numbers and sort codes were accessed.

Last month hackers in China attempted to access more than 20 million active accounts on an online shopping site.








Any original material on these pages is copyright © 2004. Reproduce freely with attribution.