This should end well.
Team System DZ, the pro-ISIS hacker crew, have been on something of a tear in recent weeks, defacing literally hundreds of websites and posting their garbled jihadi message. We first reported on them when they took down Canadian WordPress sites. Later, they struck at Sweden and a synagogue in Florida (Florida won that round).
On Halloween they struck again, deep into England’s very heart: they defaced the Keighley Cougars’ rugby team website. News quickly spread to football forums all over the UK, which sent rivers of traffic to The Cryptosphere and for which we thank them.
Honestly not trying to provoke a racist or immigration debate here…but it’s not such a bizarre target when you consider Keighley’s diverse population. A pro-ISIS supporter may have simply picked something local that came into their head.
UIIFC on the RL Forums
Other fans wondered if the hack meant that online ticket sales had been compromised or interfered with, or that credit card details had been leaked. In reality, that’s not their modus operandi. They have never yet released, sold, or used database details. They may never have had access to them; a deface is a much lower-level hack than exfiltrating credit card details.
Team System DZ’s actions are a simple, low-level hack to change the front page of a website (sometimes additional pages as well) and put up their standard ungrammatical “I love you ISIS” black page along with some bombastic music. On the Cougars site they added some gory war imagery and weapons shots for good measure. The site is now restored.
As with the earlier hacks we examined, the site is WordPress-based. The hackers are almost certainly exploiting exactly the same vulnerability and thus chose the site not so much to make a statement about politics as to simply pick the low-hanging fruit. In this particular case, they lucked out and picked a victim that was newsworthy.
Who Are Team DZ
A source at Anonymous Norway who declined to be named showed us information that indicates that the individual members of the crew are PoTi_SaD-Dz, Hamza AbdUllaH, Yacine Bouamra, Earthquake Jordan, Hunter Rim, yacin Dz, Dr.web, Shi5 alhacker, T M N, RoOFIX-FOX, and Toxic Dz. The hack tracker Zone H lists over 2100 defacements by Team System DZ since their emergence just five months ago. Their first recorded hack was against an Algerian-hosted Chinese language site back in June of this year, www.huanmei3d.com/dz.php, which is still offline. Yesterday it was France’s turn to get a whack of hacks. Today, it appears to be the US’s. Tomorrow, who knows?
An intriguing, consistent, and multi-sourced but as yet unconfirmed rumour claims that Team System DZ is not really ISIS-backed at all, but Mossad. The goal, if that rumour is true, would likely be to drum up grassroots anti-ISIS sentiment. Cyberwarriors attacking the 1% are not something The People as such particularly care about. But take down my dentist’s website, my team’s page, my friend’s blog, and I might start to get pissed off. I might start to support retaliation. As an act of propaganda, that would be pretty innovative.
Comments on Reddit also claim:
1. They targeted a moderate Israeli who is sympathetic to Palestinians and calls for cooperation.
2. No defaces of Israeli sites were attributed to them despite their claims that they participated in OpSaveGaza.
3. Sweden is the first country to recognize Palestine and they’re targeting Sweden.
4. If they were involved in OpSaveGaza it was likely to get intel on the participants.
All of that does in fact check out, except for #4, which is of course unconfirmable unless someone at Mossad would care to forward us some intel.
None of the websites that Team System DZ defaced have suffered long-term damage. The repair job is simple (remove deface posts and pages, restore previous pages and posts, update WordPress and plugins). Those which remain offline remain so because their owners haven’t bothered fixing them. Still, it serves as a reminder to keep your WordPress version up to date, and to do the same for your plugins. WP’s modular plugin system means there are potentially many gateways for hackers; it’s your job to keep them closed and locked.