I never understood publicly defacing a site like this, if you're technical enough to access a domain with a fair amount of traffic, why not inject some script that'll give the visitor a drive-by download, and go in for the long (and more profitable) game?
Then again, I'm calling these people technical, apparently it's a simpler game now with scripts that any regular Joe (or his 14-year old kid) can run.
> I never understood publicly defacing a site like this, if you're technical enough to access a domain with a fair amount of traffic, why not inject some script that'll give the visitor a drive-by download?
Because the point isn't to cause damage to the user in any way (usually), but rather to (some combination of) 1) show off your skills, 2) embarrass the site owners, 3) get a message out, 4) have bragging rights. It's generally a fairly non-destructive practice, just silly.
Its no simpler now than it used to be. People have been saying that (and citing the whole 14yo trope) since the 80's. It does require skill, even if you're just using scripts.
What would give them more technical credibility in you eyes? If they wrote the attack themselves? In C? In Assembly? We all automate the hell out of things and lean toward the highest level languages for server automation anyway, why demean them when everything is a 'simpler game now with scripts that any regular Joe can run.' Have you seen Chef or Puppet, Flask or Rails?