The latest target of pro-ISIS hackers is none other than 800 school websites across the United States.
Early morning on November 6, the websites for schools and school districts were hijacked and redirected to a YouTube recruitment video in Arabic and the statement “I Love Islamic State” in English with an image of former Iraqi dictator Saddam Hussein on a black background, according to Jim Brogan, director of technology services for schools in Gloucester County, Virginia.
The attack, which lasted a few hours, affected schools in Arizona, Connecticut, Virginia and New Jersey. The hack also affected private companies and government websites.
This should all ring a bell, given that hackers going by the same name have been more or less making the same defacements for years. Namely, a photo of Hussein accompanied by an Arabic message seen on an IS flag that reportedly reads “There is no god but Allah” and “Mohammed is the Messenger of God.”
“Unless we have irrefutable evidence to suggest otherwise, we need to assume confidential data has been compromised,” Hamid Karimi, vice president of business development and the security expert at Beyond Security. “That should be a cause for concern. To remedy the situation, all schools and institutions that serve minors must submit to (a) stricter set of cybersecurity rules.”
According to the International Business Times, the web hosting company, SchoolDesk that services the school websites, which spanned nationwide from New Jersey to Arizona and Virginia to Connecticut confirmed the attack and said that a group going by the name “Team System DZ” claimed responsibility.
The company since has handed over its server — which runs out of Georgia — to the FBI for investigation and also has hired external security firms to trace the hackers.
The Atlanta-based company said after the hack that technicians detected that a small file had been injected into the root of one of its websites. It has advised administrators to change passwords.