Team System Dz Deface

UPDATED TO ADD: Get the latest on Team System DZ here. And gee thanks, YouKnowWhoYouAreMajorUKNewspaper, for reading our articles and not linking to them.

Well, somebody’s on a roll.

Much to the chagrin of over 200 victims around the world, including the University of New Brunswick’s Student Union, whose website remains offline. Still an “offline” notification is better than the “i love you isis” deface that it replaces.

Who did this, why, and why is such a massive string of defaces only coming out now?

It’s an unusual combination of factors including Israel, ISIS, low hanging fruit, and Canadian Thanksgiving.

It’s been a long weekend in Canada, which celebrates Thanksgiving earlier than the US so they can get it over with before everything freezes solid. Neither students nor staff would typically check in on a website as minor as the Student Union site over the course of the poultry-and-family-centric holiday, so it was somewhat more of a shock when they did look, on Monday night, and found this. It was automatically national news, in fact.

Six days ago Canada’s Parliament voted to join the US and its allies in air strikes against Syrian rebels.

Student Union reps told the National Post that the deface was removed within two hours of posting, but the website itself remains offline. Presumably a diligent sysadmin is scouring the file system looking for malware.

Defaces are typically low-level actions, requiring nothing more than a password and username combination, but in some cases they can be a front for a much more invasive hack which takes control of the software and leaks the database, or worse. The deface claimed the hack for Team System Dz, an anti-Israeli group who previously pulled an identical stunt back in July, when they participated in #OpSaveGaza.

According to Geektime.com, which identified the group as anti-Israeli Arab teenagers, back in July Team System Dz used misinformation including mislabeled photographs to drum up outrage about the situation in Gaza, and use the #AnonArtsInternational hashtag to leverage the power of the enormous hacktivist collective. But it is a team, a crew, separate from Anonymous and operating independently; sometimes their goals converge, and sometimes it’s just useful for a small crew to take cover in the big tent.

This time they found it advantageous to stand out. At least for a weekend.

According to deface tracker site Zone H, since Friday morning the team has defaced over 200 websites globally, indiscriminately. They appear to be picking off low-hanging fruit. The sheer number of defacements is the point of the attacks: once you hit a hundred or so, whether the hacks were difficult ceases to matter and they become a phenomenon through sheer tonnage. They intimidate the opponent (as to images of scimitars, countdowns in black and blood red, and all the rest of the theatrics.

There is no discernable pattern to the websites targeted: everything from escort sites to Boatingdog.com. The few I checked which were up and running now seemed to be running on WordPress, however. While once the popular standard, WordPress has lately become notorious for the number of vulnerabilities and opportunities it inadvertently offers hackers. As the software grows in complexity, it offers hackers more possible approaches; it’s the nature of software. It just never gets simpler.

Devise one hack that works on a site running a particular configuration of the software and you have essentially hacked ALL of them; all that’s left is the button-pushing. That is how massive attacks like this happen. It’s one flaw, one vulnerability, exploited two hundred separate times. And WordPress is used by millions upon millions of websites.

Many of the sites are already back online and in the case of EditFestival.com their webmaster has cleverly redirected their URL to their relatively impregnable Facebook page, https://www.facebook.com/editfest. That’s a workaround that should command respect from the hackers themselves.

And as far as the Powers That Be are concerned, it’s payback time. It’s uncertain what the UNB Student Union can do to them, but Facebook has removed their 3,000-strong page, where they chronicled each deface and hack.

I just wish they’d have let me screencap it first.

Their Twitter feed is comparatively anaemic, at 42 Followers. But with no other recourse, the hackers can be expected to use it as their sole news outlet until it gets suspended.

Congratulations to the University of New Brunswick on its very first recorded involvement in global cyberwar. Mazel tov.

Categories: Attack, Black Hat, Canada, Crews, Crime, Cyberwar, Defaces, Facebook, Hackers, Hacktivism, ISIS, Jihad, News, OpSaveGaza, Politics, Team System Dz, Wordpress