Several state government websites in Ohio, including those of former Gov. John Kasich and his wife, Ohio First Lady Karen Kasich, were defaced over the weekend in a rash of hacking activity aimed at state and local governments claimed by Algeria-based pro-ISIS hacktivists.
The defaced websites played the Islamic call to prayer and threatened President Donald Trump, noting that he would be held accountable for “every drop of blood flowing in Muslim countries” and ended “I Love Islamic state [sic].”
An Ohio official told the AP that the hacks happened about 11am on Sunday, and the sites were all restored by Monday morning, as were most of the others struck. According to Zone-H, an Estonia-based site that has tracked website defacements like these for 15 years, the targets included government websites of Howard County, Maryland and other towns and counties in New York, Idaho and California.
Zone-H preserved a mirror of the defaced Ohio governor’s site here. Defacements are considered a lower-level form of cyberattack, akin to vandalism, and are typically the work of the technically unskilled hackers derisively labeled “script kiddies.”
The defacements announced “Hacked by Team System Dz,” and were highlighted on the group’s Facebook page. The group, which reportedly has been hacking and defacing websites with pro-ISIS material for several years, has used brute forcing attacks against websites built with the content management system WordPress, according to a posting from January 2015 by coder and blogger Nick Fogle.
Other reports of the group’s activities date back to 2014, and several researchers have traced their activity to IP addresses in Algeria.
The FBI issued a bulletin warning of such attacks by individuals and groups supporting ISIS in April 2015. “The FBI assesses that the perpetrators are not members of the [ISIS] terrorist organization,” the bulletin states, adding that the hacktivists are “using relatively unsophisticated methods” and employing the ISIS name “to gain more notoriety than the underlying attack would have otherwise garnered.”
The bulletin says the hackers were taking advantage of “common WordPress plugin vulnerabilities easily exploited by commonly available hacking tools.”
“We are investigating how these hackers were able to deface these websites,” Tom Hoyt, chief communications officer for Ohio’s Department of Administrative Services, told the AP. “We also are working with law enforcement to better understand what happened.”