Two hackers have been charged by the US Department of Justice (DoJ) with orchestrating a mass defacement campaign against US sites. The campaign was launched after the assassination of Iranian soldier Qasem Soleimani by US forces in early January. According to the indictment, the two hackers behind the campaign are 19-year-old Iranian Behzad Mohammadzadeh, also known as Mrb3hz4d, and 25-year-old Palestinian Marwan Abusrour, also known as Mrwn007.
Mohammadzadeh had given an exclusive interview to SECNEWS last March, following an ALERT issued by the FBI at the time.
The FBI said in a statement that it had observed a series of site breaches by Iranian hackers. It also stressed that many of these breaches may have been the result of exploiting known vulnerabilities in Content Management Systems (CMSs) to upload defacement files. The FBI therefore advised users, businesses and organizations to be aware of the techniques, tactics and indicators provided in its ALERT, as they were very likely to be targeted by Iranian hackers.
Mohammadzadeh has breached, among other things, the site of the National Transparency Authority (aead.gr), which belongs to SYZEFXIS. The SecNews team therefore contacted him to learn more about the hacker, his goals, the attacks on Greek sites, and his opinion on the level of online security of Europeans and others.
Now Mohammadzadeh, who is considered the main perpetrator of the attacks, has been accused of breaking into more than 50 US sites and then posting pictures of the late Soleimani, as well as messages such as "Down with America".
The breaches for the most part affected domains hosted on Jan. 3, a day after U.S. officials announced the assassination of Soleimani, who was killed when his car was attacked from an aircraft near Baghdad International Airport.
According to the indictment, Mohammadzadeh started the wide hacking campaign after this announcement. In addition, while the DoJ accused Mohammadzadeh of breaching about 51 sites, U.S. officials say a profile on Zone-H (a site where hackers post details of their breaches and brag about their accomplishments) lists more than 1,100 sites that have been breached by Iranian hackers, with 400 of them showing pro-Soleimani messages.
Abusrour, on the other hand, has been accused of playing a lesser role in the campaign. Prosecutors say the young Palestinian provided Mohammadzadeh with access to seven sites, which his Iranian counterpart later defaced as part of his campaign.
However, U.S. officials said Abusrour also had a history of defacing sites, with the hacker's moniker appearing on more than 337 sites that have been defaced in favor of Palestinians, dating back to June 2016.
The breaches committed by the two hackers drew heavy comment in the media. However, the news coverage was slightly excessive, with some news agencies presenting these breaches as a response from the Iranian government in the context of an upcoming "nuclear cyber war". This, however, does not correspond to reality. The most popular site breached by Mohammadzadeh was the portal of the US Federal Depository Library Program, which was shut down almost immediately and restored after the defacement.
According to the DoJ, if the two hackers are found guilty, they could face up to 10 years in prison, as well as fines of up to $250,000. It is worth noting, however, that for now the two hackers remain free.