A rash of digital mischief hit many local websites over the past week, with the sites of CapitaLand, Komatsu Engineering and the local campus of the University of Las Vegas being vandalised by miscreants. Messages left behind by the vandals ranged from self-praise to politically charged statements.
The bigger point is not to be missed, however: Among the sites targeted were many small and medium-size enterprises (SMEs). To hackers gunning for the dubious honour of bad-hat exploits, even smaller sites are fair game. (See Guard Your Website.)
To be sure, these attacks are not simply a local phenomenon - they represent just a small proportion of many such attacks that occur across the Internet.
A search on Zone-H (www.zone-h.org), a site dedicated to archiving and monitoring such attacks, for Spykids, one of the names left behind by the hackers, revealed that the Brazil-based group was ranked third on the online defacement list, with more than 30,000 defacement incidents to its name.
The methods used by online vandals range from the simple manipulation of poorly-coded websites to more complex server intrusions.
One popular method takes advantage of the fact that many websites have forms allowing users to submit feedback and contact the company.
If these forms are not securely coded, hackers could enter malicious code and submit the form to modify the webpage or add one of their own.
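An added illustration, not part of the original article: a feedback-form handler in its weak form beside a hardened one that uses parameterised SQL and HTML-encodes stored text on output. The table layout, function names and sample submissions are hypothetical and constructed for this sketch.

```python
import html
import sqlite3

def open_store():
    """In-memory table standing in for the site's feedback database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE feedback (name TEXT, message TEXT)")
    return db

def save_feedback_unsafe(db, name, message):
    # Weak form: visitor input is pasted into the SQL text, so any quote
    # character in it is parsed as SQL syntax rather than stored as data.
    db.execute("INSERT INTO feedback VALUES ('%s', '%s')" % (name, message))

def save_feedback(db, name, message):
    # Hardened form: placeholders keep the input as data, never as SQL.
    db.execute("INSERT INTO feedback VALUES (?, ?)", (name, message))

def render_unsafe(db):
    # Weak form: stored text is written into the page as raw markup.
    return "".join("<p>%s: %s</p>" % row
                   for row in db.execute("SELECT name, message FROM feedback"))

def render(db):
    # Hardened form: HTML-encode every stored value on output.
    return "".join("<p>%s: %s</p>" % (html.escape(n), html.escape(m))
                   for n, m in db.execute("SELECT name, message FROM feedback"))

def unsafe_insert_breaks(name, message):
    """True if the concatenated statement fails or misparses on this input."""
    db = open_store()
    try:
        save_feedback_unsafe(db, name, message)
    except sqlite3.Error:
        return True
    return db.execute("SELECT name, message FROM feedback").fetchone() != (name, message)

# Constructed sample submissions (not taken from any real incident).
SAMPLES = [("O'Brien", "Great site"), ("visitor", "<b>hello</b><script>x()</script>")]

if __name__ == "__main__":
    db = open_store()
    for name, message in SAMPLES:
        print(name, "breaks unsafe insert:", unsafe_insert_breaks(name, message))
        save_feedback(db, name, message)
    print(render(db))
```

An ordinary apostrophe is enough to make the concatenated statement fail, which is a quick way to spot a form handler that treats input as code.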
Another popular technique used by hackers is breaking into an unsecured server and making changes to the scripts that run the server itself.
This could result in all the webpages on that server being defaced at one go.
Such attacks are more common during the holiday season.
Mr Viren Mantri, principal of strategic security services at McAfee Asia Pacific, explained: 'During such periods, these vandals have more free time to devote to such activities.'
Compounding the problem is the fact that learning how to deface websites is not a difficult procedure.
Mr Ooi Szu-Khiam, senior security consultant at Symantec Singapore, noted: 'Anyone can easily get their hands on a tutorial on SQL injection or cross site scripting through a simple Web search.' Basic SQL and HTML knowledge is all that is needed to carry out such attacks.
Harmless-looking defacements may disguise bigger intrusions.
Mr Mantri said: 'Defacement could be used as a tactic to draw attention away from more serious violations, such as theft of confidential information.'
Even if no serious damage has been done, the reputation of a hacked company may be adversely affected.
Mr Mantri noted that customers may see such intrusions as a sign that the company cannot be trusted with their personal information, and opt for a competitor's services instead.
End-users may also be adversely affected. Hackers may use their access to the server to create phishing pages on legitimate websites, opening a way for them to steal information entered into such pages.