On January 4, amidst the geopolitical crisis in the Persian Gulf, a United States government website was hacked and vandalized with pro-Iran messages. In English, the text reads: “[t]his is message from Islamic Republic of Iran.” The backdrop of the messaging is a cartoonish President Trump seen with a bloodied face as a fist punches his cheek, while two gold missiles decorated with the Iranian flag are at the bottom of the image.
A group that claimed loyalty to Iran hacked the Federal Depository Library Program, which supplies free public access to U.S. federal government information. The hacked Federal Depository Library Program’s homepage instead stated, “Iranian Hackers!” featuring images of Ayatollah Ali Khamenei, Iran’s supreme leader, and the country’s flag. The hackers identified themselves as “Iran Cyber Security Group Hackers” and stated that their work was “only a small part of Iran’s cyber ability.” The hacked government site was down for approximately 24 hours. The text also said, “[w]e’re always ready.” It was determined that no site data was compromised and an investigation is underway to determine the source of the hacking. It is likely that the hackers are Iranian sympathizers, not government actors, though the actors are currently unknown. It is unclear if the hackers were able to get beyond the homepage. In the past, Iran has hacked U.S. banks and a New York dam.
“We are aware the website of the Federal Depository Library Program (FDLP) was defaced with pro-Iranian, anti-US messaging,” a spokesperson for the Cybersecurity and Infrastructure Security Agency, a division of the Department of Homeland Security, told The Washington Post Monday. “At this time, there is no confirmation that this was the action of Iranian state-sponsored actors…a misconfiguration with the content management system allowed a malicious actor to deface the website.”
The cyberattack came after the Jan. 3 U.S. drone strike in Baghdad that killed Maj. Gen. Qasem Soleimani, one of Iran’s top military officials. In the wake of the strike, tensions between the two nations escalated dramatically; Iran has vowed revenge, which has led experts to advise that cyberattacks in the United States are likely. The DHS has issued a National Terrorism Advisory System advisory for the next two weeks.
The imagery and messaging indicate the hackers were seeking revenge. The graphic stated, “[w]ith his departure and with God’s power, his work and path will not cease and severe revenge awaits those criminals who have tainted their filthy hands with [Soleimani’s] blood and the blood of the other martyrs.” The bottom of the page also had the text, “#Hardrevenge,” with a winking emoji. The image also shows the arm connected to the fist punching President Trump wearing a green sleeve adorned with a similar insignia to the Islamic Revolutionary Guard Corps, which was led by Soleimani.
U.S. cybersecurity officials, including Acting Secretary for the DHS, Chad Wolf, have “stressed the importance of remaining vigilant against cyberattacks, urging all organizations to increase monitoring, back up their systems, implement multi-factor authentication and have an incident response plan prepared.” Additionally, the DHS NTAS Bulletin stressed Iran’s “robust cyber program” as a potential threat to the United States. The bulletin also stated, “Iran is capable, at minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”