An Anonymous anomaly: ‘This site may be hacked’ – and the site is Wikipedia
Fri 13 Feb 2015
It’s a big week for the Anonymous hacking group. Whether or not the online cabal was responsible for it, their signature was found in a hacked petrol pump; and in keeping with the group’s customary sense of drama, it has promised to unmask today a vast swathe of high-level paedophiles, in a data flood that the group claims will redefine it as “the nightmare on Elite Street”.
Yet what I’m wondering is this: has the group managed to perform a particularly difficult hack against Wikipedia – or even Google? Or both? Take a look at this:
If you perform a Google search for ‘Anonymous’ today, you’ll see that Google has appended the warning ‘This site may be hacked’ to the Wikipedia entry for the Anonymous group in the search results. I have no idea how long the warning has been there, but I first noticed it two days ago.
The message is strange partly because it reads ambiguously – is it a warning from Google or a boast from Anonymous?
But it is primarily strange because it appears in no other Wikipedia-related search results that I can find; Google does not append such warnings on a page-by-page basis, as any webmaster or editor who has ever been struck by a cross-site scripting attack will know – if it discovers even one page on a domain which it considers has been compromised either by malware and spam or by malicious software, it flags results from the entire domain with one of two warnings (‘This site may be hacked’ or ‘This site may harm your computer’, respectively – and note that the warning refers to the ‘site’, not the ‘web-page’).
Google does this on the reasonable assumption that casual readers of the attacked site may click on an infected page from a non-infected one which they reached via Google. And it leaves the warnings up in search results until it notices that the problem is resolved (and also provides guidance on how to resolve it). I know more about this than I would like, having been on the sharp end of an SQL-injection attack at a major website at a London publishing company.
Yet Google’s own diagnostic tool gives Wikipedia a clean bill of health, as I write, claiming that wikipedia.org ‘is not currently listed as suspicious.’
I only have questions: are Anonymous having some obscure fun with Wikipedia and/or Google – or is some other group, illicit or otherwise, discouraging views of the group’s Wikipedia entry via strange means?