It doesn't take very many people to hack that many websites. It just takes website administrators who don't secure their websites and keep their servers updated with the latest security patches. With the automated vulnerability scanning and exploitation tools available today and so many unpatched, unprotected websites, it is not too hard to hack and deface a large number of them.
I totally agree.
It relies on the web masters to use Microsoft products. That much seems believable.
But mounting this level of attack requires planning, and multiple attackers, and would have happened much earlier (years ago) if it was as easy as you indicate.
There are automated bots out there which would have long since discovered these vulnerable machines if they were simply cases of unpatched machines.
The problem of unpatches machines largely affects ma and pa polyester, but most businesses either a) don't host their own site, or b) use automatic patching which even lethargic Microsoft has finally taked seriously.
Note he attacks were not random, they were targeted toward Danish and western sites. Picking vulnerable servers randomly would not yield such fine control.
So either the story is overblown (which one can never discount these days) or they had help. Rampaging muslims running up and down the streets just don't have the methods, knowledge or resources.