US charges two hackers for defacing US websites following Soleimani killing

US authorities have tracked down the two hackers behind a January 2020 mass-defacement campaign.

The US Department of Justice today charged two hackers with orchestrating a mass-defacement campaign against US websites following the killing of Iranian military general Qasem Soleimani by US forces earlier this year.

According to an indictment unsealed today, the two hackers were identified as Behzad Mohammadzadeh (aka Mrb3hz4d), 19, from Iran, and Marwan Abusrour (aka Mrwn007), 25, from Palestine.

Mohammadzadeh, considered the primary perpetrator of the attacks, was accused of breaking into at least 51 US websites and posting images of the late Soleimani and messages such as "Down with America."

The defacements primarily hit US-hosted domains and started on January 3, a day after US officials announced the killing of general Qasem Soleimani in a drone strike attack against his car near the Baghdad International Airport.

According to the indictment, following this announcement, Mohammadzadeh began a wide-ranging hacking campaign.

While the indictment accused Mohammadzadeh of defacing 51 websites, US officials say that a profile on Zone-H, a website where hackers often index and brag about their defacements, lists more than 1,100 websites defaced by the Iranian hacker, with 400 of these sites showing pro-Soleimani messages.

In all of this, Abusrour was charged with a minor role. Prosecutors said that the young Palestinian provided Mohammadzadeh with access to seven websites that his Iranian counterpart later defaced as part of his larger campaign.

Nonetheless, US officials said that Abusrour also had a history of defacing websites, with his hacker moniker found on more than 337 websites defaced with pro-Palestinian messages, dating back to June 2016.

The defacements executed by the two hackers received considerable media coverage earlier this year. However, the coverage was slightly over-hyped, with some news outlets calling these low-level hacks the Iranian government's response and part of an upcoming "nuclear cyber war."

Nothing of the sort happened, and the most high-profile website hacked by Mohammadzadeh was the portal for the US Federal Depository Library Program, which was almost immediately taken down and restored following the defacement.

The defacements, although on the lower end of the cyber-attack spectrum, are still illegal. The two hackers have now been charged and risk sentences of up to 10 years in prison and fines of up to $250,000, if found guilty, according to the DOJ.

Both hackers remain at large.