Team System Dz goes on hacking spree

Team System Dz Deface

Team System Dz Deface

UPDATED TO ADD: Get the latest on Team System DZ here. And gee thanks, YouKnowWhoYouAreMajorUKNewspaper, for reading our articles and not linking to them.

Well, somebody’s on a roll.

Much to the chagrin of over 200 victims around the world, including the University of New Brunswick’s Student Union, whose website remains offline. Still an “offline” notification is better than the “i love you isis” deface that it replaces.

Who did this, why, and why is such a massive string of defaces only coming out now?

It’s an unusual combination of factors including Israel, ISIS, low hanging fruit, and Canadian Thanksgiving.

It’s been a long weekend in Canada, which celebrates Thanksgiving earlier than the US so they can get it over with before everything freezes solid. Neither students nor staff would typically check in on a website as minor as the Student Union site over the course of the poultry-and-family-centric holiday, so it was somewhat more of a shock when they did look, on Monday night, and found this. It was automatically national news, in fact.

Six days ago Canada’s Parliament voted to join the US and its allies in air strikes against Syrian rebels.

Student Union reps told the National Post that the deface was removed within two hours of posting, but the website itself remains offline. Presumably a diligent sysadmin is scouring the file system looking for malware.

Defaces are typically low-level actions, requiring nothing more than a password and username combination, but in some cases they can be a front for a much more invasive hack which takes control of the software and leaks the database, or worse. The deface claimed the hack for Team System Dz, an anti-Israeli group who previously pulled an identical stunt back in July, when they participated in #OpSaveGaza.

According to, which identified the group as anti-Israeli Arab teenagers, back in July Team System Dz used misinformation including mislabeled photographs to drum up outrage about the situation in Gaza, and use the #AnonArtsInternational hashtag to leverage the power of the enormous hacktivist collective. But it is a team, a crew, separate from Anonymous and operating independently; sometimes their goals converge, and sometimes it’s just useful for a small crew to take cover in the big tent.

This time they found it advantageous to stand out. At least for a weekend.

According to deface tracker site Zone H, since Friday morning the team has defaced over 200 websites globally, indiscriminately. They appear to be picking off low-hanging fruit. The sheer number of defacements is the point of the attacks: once you hit a hundred or so, whether the hacks were difficult ceases to matter and they become a phenomenon through sheer tonnage. They intimidate the opponent (as to images of scimitars, countdowns in black and blood red, and all the rest of the theatrics.

There is no discernable pattern to the websites targeted: everything from escort sites to The few I checked which were up and running now seemed to be running on WordPress, however. While once the popular standard, WordPress has lately become notorious for the number of vulnerabilities and opportunities it inadvertently offers hackers. As the software grows in complexity, it offers hackers more possible approaches; it’s the nature of software. It just never gets simpler.

Devise one hack that works on a site running a particular configuration of the software and you have essentially hacked ALL of them; all that’s left is the button-pushing. That is how massive attacks like this happen. It’s one flaw, one vulnerability, exploited two hundred separate times. And WordPress is used by millions upon millions of websites.

Many of the sites are already back online and in the case of their webmaster has cleverly redirected their URL to their relatively impregnable Facebook page, That’s a workaround that should command respect from the hackers themselves.

And as far as the Powers That Be are concerned, it’s payback time. It’s uncertain what the UNB Student Union can do to them, but Facebook has removed their 3,000-strong page, where they chronicled each deface and hack.

I just wish they’d have let me screencap it first.

Their Twitter feed is comparatively anaemic, at 42 Followers. But with no other recourse, the hackers can be expected to use it as their sole news outlet until it gets suspended.

Congratulations to the University of New Brunswick on its very first recorded involvement in global cyberwar. Mazel tov.

Categories: Attack, Black Hat, Canada, Crews, Crime, Cyberwar, Defaces, Facebook, Hackers, Hacktivism, ISIS, Jihad, News, OpSaveGaza, Politics, Team System Dz, Wordpress

19 replies


    Please advice these severe, & sites to pull router plugs out? Thx.


  2. These guys are not anti-israel, not cool, not islamic, not muslims. They are just technically talented cowards who hurt website owners and produce hate against muslims and islamic nations. Good chance that they are working as “Agent Provocateur” for the americans or Israelites.


    • Yes, the buzz is that they’re Israeli, actually. And they’ve been on a roll lately. Surely there’s enough info out there that a determined researcher could find out exactly what vulnerability they’re exploiting. It exists in releases but not ones: it’s a plugin, it’s javascript, it’s an iframe, or it’s a hole in .org code that doesn’t exist in .com. My bet is it’s javascript; if all the affected websites were using the same plugin, someone would have said so by now.



  1. Cyber attack: Hackers post IS-messages on German web pages | News Round
  2. pro-ISIS hackers Team System DZ takes on Sweden | The Cryptosphere
  3. Team System DZ cross the line: interfere with UK rugby website | The Cryptosphere
  4. EXCLUSIV! Primul site românesc atacat de hackeri pro ISIS și Jihad
  5. “Nos las pagarás, Trump”: ‘Hackers’ proyihadistas se apoderan de sitios web del Gobierno de EE.UU. - Diario Antillano
  6. “Nos las pagarás, Trump”: ‘Hackers’ proyihadistas se apoderan de sitios web del Gobierno de EE.UU. | RADIO SALTA AM840 | SALTA | ARGENTINA
  7. “Nos las pagarás, Trump”: ‘Hackers’ proyihadistas se apoderan de sitios web del Gobierno de EE.UU. | Diario Octubre
  8. Prison » Hackers deface Ohio govt & dozens of other websites with pro-ISIS & anti-Trump messages – Your Libertarian NewsCast
  9. “Nos las pagarás, Trump”: ‘Hackers’ proyihadistas se apoderan de sitios web del Gobierno de EU | Periódico El LatinoAmericano
  10. ‘Hackers’ proyihadistas se apoderan de sitios web del Gobierno de EE.UU. – El Diario de Guadalajara
  11. Hackers deface Ohio govt & dozens of other websites with pro-ISIS & anti-Trump messages – RNN NEWS NETWORK
  12. Losers Gonna Lose: Ohio, Other Government Websites Restored After ISIS Sympathizer Hack - Victory Girls Blog
  13. Estados Unidos: ¿De nuevo en la mira? – Permanencias Voluntarias
  14. ISIS-positive-propaganda-appears-on-multiple-u-s-government-sites - P.......
  15. ‘Hackers’ proyihadistas se apoderan de sitios web del Gobierno de EE.UU. – Neutroo Noticias

Well, tell us what you think!

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: