Team System Dz goes on hacking spree

Team System Dz Deface

Team System Dz Deface

UPDATED TO ADD: Get the latest on Team System DZ here. And gee thanks, YouKnowWhoYouAreMajorUKNewspaper, for reading our articles and not linking to them.

Well, somebody’s on a roll.

Much to the chagrin of over 200 victims around the world, including the University of New Brunswick’s Student Union, whose website remains offline. Still an “offline” notification is better than the “i love you isis” deface that it replaces.

Who did this, why, and why is such a massive string of defaces only coming out now?

It’s an unusual combination of factors including Israel, ISIS, low hanging fruit, and Canadian Thanksgiving.

It’s been a long weekend in Canada, which celebrates Thanksgiving earlier than the US so they can get it over with before everything freezes solid. Neither students nor staff would typically check in on a website as minor as the Student Union site over the course of the poultry-and-family-centric holiday, so it was somewhat more of a shock when they did look, on Monday night, and found this. It was automatically national news, in fact.

Six days ago Canada’s Parliament voted to join the US and its allies in air strikes against Syrian rebels.

Student Union reps told the National Post that the deface was removed within two hours of posting, but the website itself remains offline. Presumably a diligent sysadmin is scouring the file system looking for malware.

Defaces are typically low-level actions, requiring nothing more than a password and username combination, but in some cases they can be a front for a much more invasive hack which takes control of the software and leaks the database, or worse. The deface claimed the hack for Team System Dz, an anti-Israeli group who previously pulled an identical stunt back in July, when they participated in #OpSaveGaza.

According to Geektime.com, which identified the group as anti-Israeli Arab teenagers, back in July Team System Dz used misinformation including mislabeled photographs to drum up outrage about the situation in Gaza, and use the #AnonArtsInternational hashtag to leverage the power of the enormous hacktivist collective. But it is a team, a crew, separate from Anonymous and operating independently; sometimes their goals converge, and sometimes it’s just useful for a small crew to take cover in the big tent.

This time they found it advantageous to stand out. At least for a weekend.

According to deface tracker site Zone H, since Friday morning the team has defaced over 200 websites globally, indiscriminately. They appear to be picking off low-hanging fruit. The sheer number of defacements is the point of the attacks: once you hit a hundred or so, whether the hacks were difficult ceases to matter and they become a phenomenon through sheer tonnage. They intimidate the opponent (as to images of scimitars, countdowns in black and blood red, and all the rest of the theatrics.

There is no discernable pattern to the websites targeted: everything from escort sites to Boatingdog.com. The few I checked which were up and running now seemed to be running on WordPress, however. While once the popular standard, WordPress has lately become notorious for the number of vulnerabilities and opportunities it inadvertently offers hackers. As the software grows in complexity, it offers hackers more possible approaches; it’s the nature of software. It just never gets simpler.

Devise one hack that works on a site running a particular configuration of the software and you have essentially hacked ALL of them; all that’s left is the button-pushing. That is how massive attacks like this happen. It’s one flaw, one vulnerability, exploited two hundred separate times. And WordPress is used by millions upon millions of websites.

Many of the sites are already back online and in the case of EditFestival.com their webmaster has cleverly redirected their URL to their relatively impregnable Facebook page, https://www.facebook.com/editfest. That’s a workaround that should command respect from the hackers themselves.

And as far as the Powers That Be are concerned, it’s payback time. It’s uncertain what the UNB Student Union can do to them, but Facebook has removed their 3,000-strong page, where they chronicled each deface and hack.

I just wish they’d have let me screencap it first.

Their Twitter feed is comparatively anaemic, at 42 Followers. But with no other recourse, the hackers can be expected to use it as their sole news outlet until it gets suspended.

Congratulations to the University of New Brunswick on its very first recorded involvement in global cyberwar. Mazel tov.



Categories: Attack, Black Hat, Canada, Crews, Crime, Cyberwar, Defaces, Facebook, Hackers, Hacktivism, ISIS, Jihad, News, OpSaveGaza, Politics, Team System Dz, Wordpress

8 replies

  1. HACKED BY TERRORISTS
    http://www.njcrda.com/press-releases/2807/

    Please advice these severe, & sites to pull router plugs out? Thx.

    Like

  2. These guys are not anti-israel, not cool, not islamic, not muslims. They are just technically talented cowards who hurt website owners and produce hate against muslims and islamic nations. Good chance that they are working as “Agent Provocateur” for the americans or Israelites.

    Like

    • Yes, the buzz is that they’re Israeli, actually. And they’ve been on a roll lately. Surely there’s enough info out there that a determined researcher could find out exactly what vulnerability they’re exploiting. It exists in WordPress.org releases but not WordPress.com ones: it’s a plugin, it’s javascript, it’s an iframe, or it’s a hole in .org code that doesn’t exist in .com. My bet is it’s javascript; if all the affected websites were using the same plugin, someone would have said so by now.

      Like

Trackbacks

  1. Cyber attack: Hackers post IS-messages on German web pages | News Round
  2. pro-ISIS hackers Team System DZ takes on Sweden | The Cryptosphere
  3. Team System DZ cross the line: interfere with UK rugby website | The Cryptosphere
  4. EXCLUSIV! Primul site românesc atacat de hackeri pro ISIS și Jihad

Well, tell us what you think!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 7,753 other followers

%d bloggers like this: