ISIL is defacing web Sites using WordPress vulnerabilities
http://www.ic3.gov/media/2015/150407-1.aspx
ic3=Internet Crime Complaint Center
recommendation is to update your WordPress website as much as possible when necessary:
check the following sites:
http://www.securityfocus.com/bid,
http://cve.mitre.org/index.html,
https://www.us-cert.gov/
for vulnerabilities and update your site as needed.
In practicality it means updating your WordPress site as the plugins are updated (log in regularly and update).
Here is a link to tell you how to harden your site.
http://codex.wordpress.org/Hardening_WordPress
That is how to update your site if you have one, but if looking for a government website how do you know it is fake?
Images of government seals can be downloaded and placed on a website:
It will not be obvious like this image shows after a site was taken down by ICE:
It will likely have a weird looking domain name and barely look legitimate. But it will ask for all your personal information, maybe even a fee. All of us need to become more aware of what fake sites may look like.
The fact that ISIL is doing this work is ironic, and somewhat expected. ISIL wants to score propaganda victories so they are going after low-hanging fruit (the easy sites to hack). If somebody does not log in to their WordPress site regularly and does not update their WordPress software then it can be hacked. So who has this low-hanging fruit with the highest propaganda value? Government websites. Look what happened when the Twitter accounts of CENTCOM were hacked, it was a major propaganda victory.
Some small businesses were hacked on March 9th
As XKCD comic shows, although the media gets a story for a few minutes, most IT people disregard the actual hack, as it is not that big a deal. Since it is fairly easy to hack a computer and typical users do not update their computer software, so this is not really major news.
