On Tuesday a group of self-described Iranian hackers defaced the website for a Texas government department.
A website defacement is typically a low-skill hack meant to spread a particular message and normally doesn't pose any other tangible security risks, but defacements are likely to receive more attention at this moment because of heightening tensions between the U.S. and Iran and because they are visible on public websites. Last week, President Trump ordered the assassination of Iranian military commander Qassem Soleimani, which Iran has vowed to respond to.
"Hacked by Iranian Hacker," the defacement on the site of the Texas Department of Agriculture reads, along with an image of Soleimani. The defacement claims "Shield Iran" carried it out. Other recent defacements also mentioned Shield Iran, including those against the Sierra Leone Commercial Bank. Even though the defacement itself attributed responsibility to a particular group, it is difficult from the outset to know exactly who carried it out.
The defacement shouted out several different nicknames. A Google search for one of those led to another, previous defacement, which said "Long live Ashiyane." Ashiyane was an established Iranian hacking forum that was managed by a security contractor with ties to Iran's Islamic Revolutionary Guard Corps.
A Google search for terms included in the defacement led to several other websites with the same or similar image. One for the Parikrma Humanity Foundation, a non-profit in Bangalore, contained largely the same defacement but also included a rap music track. The site for the South Alabama Veterans Council was also targeted.
A defacement on another U.S. government website over the weekend, the Federal Depository Library Program, included an image of President Trump being punched in the face. "Hacked by Iran Cyber Security Group Hackers," the defacement read.
This week several experts explained that although Iran does not have the same calibre of cyber capability as Russia, China, or the U.S., its hackers can still do damage and be particularly aggressive. In 2012 hackers working for Iran knocked out 30,000 computers belonging to Saudi state oil company Saudi Aramco.