A pro-ISIS hacker who claims to have helped deface dozens of U.S. government websites over the weekend has warned that the worst is yet to come, although the person wouldn’t elaborate on where and when the next attacks would be.
“This is only the beginning,” the self-identified hacker told VICE News on Monday. The hacker claims to be a member of the group Team System DZ, which took credit for multiple attacks against a range of government websites on Sunday from Louisiana to Michigan and Ohio, including Ohio Gov. John Kasich’s official page.
Despite the hacker’s admission, however, security experts question their ability and described the online vandalism as a grab at media attention rather than a significant threat.
The defaced websites featured pro-ISIS messages — some for just a few hours, others still compromised as of Monday morning — that President Donald Trump would be held accountable for “every drop of blood flowing in Muslim countries” and ended with, “I love Islamic State.” Other sites similarly affected were the Ohio Office of Health Transformation, the Ohio Department of Medicaid, the Ohio Department of Rehabilitation and Corrections, the Ohio Inspector General, and the website of Ohio’s first lady, Karen Kasich.
The hacker called himself “a supporter of Islamic State in Iraq” and said that the aim of the attacks was “to highlight what is happening in the Arab countries, of the killing and displacement of children.” The hacker, however, wouldn’t give any details about what type of attacks the group would be carrying out next or who the targets would be.
While the hacker would not reveal their identity or location, they did reveal that Team System DZ was a network of different hacking groups based in Maghreb, a region that includes Tunisia, Algeria, Jordan, and Saudi Arabia.
According to Zone H, a tracking service described as “an online trophy cabinet for low-skilled hackers,” Team System DZ was responsible for more than 200 website defacements on Sunday alone, hitting sites in countries like Malaysia, France, Germany, and the Netherlands.
IT staffers at the Ohio Department of Administrative Services are working to resolving the issue. “All affected servers have been taken offline, and we are investigating how these hackers were able to deface these websites,” spokesperson Tom Hoyt told CNN Sunday. “We also are working with law enforcement to better understand what happened.”
Although the attacks Sunday have garnered a lot of media attention, cybersecurity experts are eager to point out that these attacks require limited skill and don’t necessarily threaten U.S. security, especially when compared to the attacks being carried out by nation-state hacking groups, like Russia’s alleged interference in the U.S. election last year.
“Such an attack is not overly sophisticated and is easy to pull off against a website that lacks basic security controls,”Lee Munson, security researcher with Comparitech, told VICE News.
For example, the hackers used a so-called brute force attack, a trial-and-error method of obtaining information, like a user’s password, according to Itsik Mantin, director of security research at Imperva. He called Team System DZ’s efforts “mostly opportunistic” using “basic hacking tools.”
Once hackers find unprotected websites, they can target them with automated attacks. That method would explain the scattershot websites Team System DZ claims to have hit on Sunday.
Team System DZ came to prominence in 2013 when they took part in the Operation Gaza attack, a campaign led by the hacktivist group Anonymous. Team System DZ, however, has never been officially affiliated with Anonymous. A year after Operation Gaza, the group dramatically changed tactics and started defacing websites in the name of ISIS.
Following those attacks and subsequent media coverage, security researcher Scot Terban, known online as Krypt3ia, said the group was simply “looking for the lowest of low-hanging fruit to garner some attention for themselves.” Terban identified the group’s leader as Ahmed Saoudi and described him as “just a derpy kid in Algeria with nothing better to do than deface sites with others’ tools.” In a video tutorial Team System DZ posted online, the group even accidentally leaked its own IP address, which pinpointed its location in Algeria, as Terban highlighted at the time.
When asked if Saoudi was involved in the group, the hacker who spoke to VICE News said they had never heard of him.