Hackers Deface U.S. Gov Website With Pro-Iran Messages [UPD]
According to the indictment, Mohammadzadeh has publicly claimed to have personally defaced more than 1,100 websites around the world with pro-Iranian and pro-hacker messages, which he began in 2018 and continues through the present day. Abusrour is a self-described spammer (sender of unsolicited emails for profit), carder (illicit trader in stolen credit cards) and black hat hacker (a hacker who violates computer security for personal gain or maliciousness) who has publicly claimed to have defaced at least 337 websites around the world, which he began no later than June 6, 2016, and continued through at least July 2020.
A group claiming to be from Iran hacked and defaced a US government agency website on Saturday, posting an image of Trump being punched in the face alongside pro-Iranian messages. The news was first reported by The Daily Mail.
"We are aware the website of the Federal Depository Library Program (FDLP) was defaced with pro-Iranian, anti-US messaging," the spokesperson said in a statement to Newsweek. "At this time, there is no confirmation that this was the action of Iranian state-sponsored actors. The website was taken off line and is no longer accessible. CISA is monitoring the situation with FDLP and our federal partners."
Furthermore, as a result of the defacement, both websites displayed messages supporting the Iranian government and opposing the US government. One of the images on the hacked FDLP site showed US President Donald Trump being punched.
Holt collaborated with Rutger Leukfeldt and Steve Van De Weijer from the Netherlands Institute for the Study of Crime and Law Enforcement to analyze more than 100,000 web defacements against websites from January 2011 to April 2017. The researchers wanted to see whether the targets of defacements were associated with attacker motivation, and how the attackers actually performed the hack.
A statement said: "We are aware the website of the Federal Depository Library Program (FDLP) was defaced with pro-Iranian, anti-US messaging. At this time, there is no confirmation that this was the action of Iranian state-sponsored actors."
Shortly after Soleimani's death was confirmed, Mohammadzadeh "transmitted computer code to approximately 51 websites hosted in the United States and defaced those websites by replacing their content with pictures of the late General Soleimani against a background of the Iranian flag, along with the message, in English, 'Down with America' and other text," the indictment said.
"Suddenly I find myself Iranian hackers and I help them hit American sites," he said in a comment on Mohammadzadeh's account. Mohammadzadeh is reportedly responsible for defacing more than 1,100 websites with pro-Iranian and pro-hacker messages.
Regardless of what the regime itself decides to do, Iranian hackers not affiliated or only loosely affiliated with the Iranian government have already begun taking the initiative to launch low-level, unsophisticated cyberattacks. Soon after the drone strike, attempted attacks against U.S. federal, state, and local government websites originating from Iranian IP addresses jumped 50 percent, according to website security firm Cloudflare.[99] Pro-regime hackers successfully defaced websites belonging to the Federal Depository Library Program,[100] the Texas Department of Agriculture,[101] and an Alabama veterans organization.[102] This type of defacement is very simplistic and therefore likely conducted by pro-regime hacktivists looking for the least secure .gov and other websites to score propaganda victories rather than hackers contracted by the Iranian government to conduct a meaningful cyber operation to damage the United States and its allies.
On Tuesday, someone defaced a government-run site belonging to the Texas Department of Agriculture with a picture of Soleimani alongside the text "Hacked by Iranian Hacker. Hacked by Shield Iran." A similar image appeared on the privately run website for the South Alabama Veterans Council.
But, just as in the physical domain, Iran has thousands of proxy hackers, associated groups, sympathisers, even lone wolves. What we will now see are countless websites probed and explored for weaknesses. We will see this in the government and commercial sphere. Those associates will look to deface websites, plant warnings, sow fear. It will be something of a free for all. Meanwhile, from a more centralised and structured perspective, attacks are likely to look for headlines. And, beyond it being the first since Suleimani, the Federal Depository Library Program doesn't fit that bill.
Internet freedom remained highly restricted in Iran during the coverage period. Authorities attempted to disrupt protests and stem coverage of violence through several localized internet shutdowns during the coverage period. A majority of international websites and social media platforms are blocked by Iranian authorities and online self-censorship is encouraged by the arrests and intimidation of government critics. A draft version of the User Protection Bill was presented during the coverage period, which, if passed, would provide authorities with even greater powers to restrict the online space. Online surveillance and cyberattacks continued to threaten internet freedom, and hackers targeted state infrastructure across the country. In September 2022, after the coverage period, massive antigovernment protests spread across Iran after Mahsa Amini died while in state custody; Amini had been arrested by morality police in Tehran for the offense of "improper hijab." In response to the protests, Iranian authorities blocked access to websites and platforms including Instagram and WhatsApp, disrupted internet and mobile services, and violently cracked down on protesters.