Pro-ISIS Hacking Group Continues Defacement Campaign

30.6.2017 securityweek CyberCrime
Pro-ISIS hacking group Team System DZ is continuing its website defacement campaign. Over last weekend several websites in Ohio and Maryland were forced to shut down after messages threatening President Trump and supporting Islamic State were posted on the sites.

The campaign has continued through the week, often targeting education and local government authorities. On Tuesday, a Los Angeles County government website belonging to the Board of Supervisors was defaced with the same message as that posted to the website of Ohio Gov. John Kasich and a Howard County, Maryland website: "You will be held accountable Trump, you and all your people for every drop of blood flowing in Muslim countries."

Elsewhere, the Ventura County Star reported yesterday, "The websites of numerous school districts in Ventura County went offline Wednesday morning after hackers targeted certain systems operated by the Ventura County Office of Education." Two sites were affected, but a further five sites were taken down by the authorities as a precaution.

Exact details of the hack are not clear, only that visitors were redirected "to a group's webpage where pro-ISIS views were posted." Team System DZ is not named, but the report adds, "The group behind the Ventura County hacking also is suspected of targeting the website of Ohio Gov. John Kasich on Sunday as well as a government website for Howard County in Maryland."

The campaign is not limited to the US. Yesterday, the Department of Basic Education in South Africa announced, "A short while ago we discovered that the Department's website has been hacked. The people who breached the website have since posted gory pictures of decapitated corpses, some of whom are children."

The authority then posted the hackers' message, apparently in full: "Hacked by Team System DZ. A message to the government, the American people and the rest of the world. Is this the humanity that you claim, or is life irrelevant to Muslims? Do not imagine that these acts against Muslims will pass you and we will forget what you did to the Arab and Muslim peoples all over the world. I love Islamic State."

At the time of writing this report, the site in question (www.education.gov.za) is still down.

On Tuesday, Ars Technica claimed that the initial weekend hacks had a common factor: "they were running on an outdated version of the DotNetNuke (DNN) content management platform." The implication is that if the hacked sites had updated their software they would not have been so easily breached. DNN patched the vulnerability in May 2016.

It is not clear whether all .the hacked sites used a similar outdated platform, but it is quite possible. While updating website software to the latest version is always good advice, at this moment it would seem an imperative for all DNN users.