Defacing a website means changing its appearance without any authentication to do so. In a website defacement attack, the hacker either inserts inappropriate copy, or images on a legit website or shut the website down entirely, making it non-functional.

Hackers typically access a website’s hosting environment and make changes in important assets like public_html directory, SQL databases, or WordPress’s admin account. Attackers get such unauthorized access by exploiting security vulnerabilities using techniques such as SQL injections, brute force attacks, credential leakage, cross-site scripting (XSS), malware insertion, etc.

Website Defacement Motives – Why & How attacker deface a website

Before moving to website defacement examples, let’s understand why people choose to deface a website. You might be surprised to know that most of the time, a hacker’s driving force behind these attacks is not to get financial gain. So, what could be their intentions then?

The motives behind website defacement can be following.

  • To ruin a person or company’s reputation
  • To take revenge
  • To prove a point (Hacktivist)
  • To teach a lesson
  • For political reasons, like damaging a political party’s image
  • To gain popularity in the cybersecurity community
  • To get ransom by asking money to bring back the website to its original version
  • To advertise the competitor’s product/service
  • To enjoy and feel empowered for their accomplishments of successful web defacement attempts.

No matter what the purpose of website defacement is, such activities cause embarrassment, reputation loss, and even financial loss (in some instances) to the website owner. People may start doubting your website’s defense mechanisms and feel reluctant to share their personal and financial information on it.

But a how a website defacement looks like in the real-world? Let’s check out these 5 interesting website defacement examples of reputed sites, and screenshots showing how the defaced websites looked like after the attack.

5 Interesting Website Defacement Examples

1. 51 US Government Websites Got Defaced

Two Iranians defaced at least 51 US government websites in the year 2020 to show their resentment and anger toward the assassination of Iran’s military general Qasem Soleimani. They posted various images of late Soleimani, messages against the US government, and images of the then current US President Donald Trump in offensive ways. Later, two Iranians were held guilty for this defacement act. Here are two website defacement examples.

i) TheBestOfMinneapolis.org

TheBestOfMinneapolis.org got hacked and was showing late Qasem Soleimani’s image with hacker’s email address, social media handle, and a message “Down with America.”

website defacement examples Image Source: Znet
ii) US Library Program Website

On January 6, 2020, The Federal Depository Library Program’s website was defaced and showed the following disturbing image of President Trump with a vengeful message.

website defacement examples Image Source: Dailymail.co.uk

2. Ashley Madison Website Defacement by Hacktivists

Some people want to spread a moral message in society, and they choose hacking as the method for their purpose. They are known as hacktivists, i.e., hacker+ activist. One of the popular website defacement examples of such kind is Ashley Madison’s website, a famous site for extramarital affairs. A group of hacktivists named “Impact group” defaced Ashley Madison’s website, and put a message stating that the website must be permanently shut down. The hackers also publicly released identity of 32 million members to teach them a moral lesson. Here’s what the website looked like after defacement.

website defacement examples Image Source: krebsonsecurity.com

3. Indian Defense Ministry Website Defacement Example

Some alleged Chinese hackers hacked the Indian ministry of defense (mod.gov.in), defaced it and made it non-functional. The website showed the message “Error. The website encountered an unexpected error. Please try again later”. The purpose behind this web defacement was not only to cause operational disruption but also to embarrass the Indian government by indicating that they couldn’t defend their defense ministry’s website. This is how the mod.gov.in website looked like after the defacement.

website defacement examples Image Source: business-standard.com

4. Spanish Presidency Website Defaced with Mr. Bean’s Image

A Spanish Presidency website, eu2010.es, was hacked and defaced by some hackers. Although the entire site was kept functional, the Spanish Prime Minister Jose Luis Rodriquez Zapatero’s image was replaced with the comedian Rowan Atkinson’s, who played Mr. Bean in the popular TV shows and Movies. The motive behind such website defacement was just to mock and embarrass Mr. Zapatero.

Below is the screenshot showing how the website looked after defacement.

website defacement examples Image Source: alphr.com

5. Bitcoin Forum Defaced

Another website defacement example that involves a reputed platform is Bitcoin’s defacement. A hacker exploited a security vulnerability in Bitcoin’s forum bitcointalk.org using a SQL injection technique. The attacker defaced the website with images and messages promoting CosbyCoin, Bitcoin’s competitor cryptocurrency. They also stole users’ information such as email addresses, hashed passwords and reading messages.

Here’s how Bitcointalk.org’s defacement looked:

website defacement examples Image Source: alphavilleherald.com

Final Words on Website Defacement Attack

In the above website defacement examples, you must have noticed hackers’ intentions are not always about making money from such activities. They generally deface a website just to take some revenge, prove their point, humiliate a government or organization, or disrupt a website’s operations. Whatever the hackers’ intentions are it is a problematic matter for an organization.

If the hackers make your website non-functional (like we saw with the Indian defense services website’s example), your users cannot use your site, contact you, or make a purchase. If the hackers delete your existing website files, your entire site could be gone forever. And worst among all, when people see your defaced website, they won’t trust your company and want to give you their personal or payment details in the future. Therefore, make sure to take all the necessary steps to make your security defenses robust, and detect vulnerabilities before a hacker does.

digicert small logo Stop hackers from hacking your business!

Get DigiCert Secure Site Pro OV SSL that includes a vulnerability scanner, malware detector, PCI scanners, website backup, multi-domain security, and many more advanced security tools.
Shop Now