At around 8 p.m. Saturday, hackers breached and defaced the website of the U.S. Federal Depository Library (USFDL), posting a graphic image of President Trump being punched in the face and announcing, “This is a message from Islamic Republic of Iran.”
U.S. officials have not confirmed that the attack on the website of USFDL, a program created to make federal government publications available to the public at no cost, came from Iran, but the hackers claim to be avenging the death of Qasem Soleimani, the brutal Iranian terrorist who was killed in a U.S. airstrike at the Bahrain Airport in Iraq early Friday morning.
About an hour after the attack on the little-known USFDL website, the Iranian propaganda had been removed and the website was offline, displaying a Cloudflare error message. (Cloudflare is an internet security and DDoS mitigation provider that protects websites from malicious attacks.)
Visitors to the fldp.gov site Saturday night were greeted by a black screen displaying the flag of Iran and the words “in the name of god,” along with messages warning: “We will not stop supporting our friends in the region: the oppressed people of Palestine, the oppressed people of Yemen, the people and the Syrian government, the people and government of Iraq, the oppressed people of Bahrain, the true mujahideen resistance in Lebanon and Palestine [they] always will be supported by us.”
Below that was an image or President Trump being punched in the jaw by a fist displaying Iran’s Revolutionary Guard insignia.
“Martyrdom was his (Shahid Soleymani) reward for years of implacable efforts. With his departure and with God’s power, his work and path will not cease and severe revenge awaits those criminals who have tainted their filthy hands with his blood and the blood of the other martyrs of last night’s incident,” the message read. “Hacked By Iran Cyber Security Group HackerS… This is only small part of Iran’s cyber ability! We’re always ready… to be continues… We Are: Iranian Hackers… #Hard revenge… #ICG – #SpadSecurityGroup.”
The attack on the federal website came two hours after President Trump warned on Twitter that Iran “WILL BE HIT VERY FAST AND VERY HARD” if they strike American assets or targets.
“Iran is talking very boldly about targeting certain USA assets as revenge for our ridding the world of their terrorist leader who had just killed an American, & badly wounded many others, not to mention all of the people he had killed over his lifetime, including recently hundreds of Iranian protesters,” the president wrote on Twitter. “He was already attacking our Embassy, and preparing for additional hits in other locations. Iran has been nothing but problems for many years.”
“Let this serve as a WARNING that if Iran strikes any Americans, or American assets, we have targeted 52 Iranian sites (representing the 52 American hostages taken by Iran many years ago), some at a very high level & important to Iran & the Iranian culture, and those targets, and Iran itself… The USA wants no more threats!”
A former senior U.S. government national security official told Fox News’ Leland Vittert, “It has the feel of being pretty insignificant…they just hacked a website that most Washington insiders don’t know existed…Honestly, this is not very hard…this website had very weak security.” The source told Vitter that the attack likely did not come from the Iranian government directly, rather from sympathizers or a proxy group.
The chief public relations office for the U.S. Government Publishing Office told Fox News: “An intrusion was detected on GPO’s FDLP website, which has been taken down. GPO’s other sites are fully operational. We are coordinating with the appropriate authorities to investigate further.”
Security experts have warned that Iran could launch cyberattacks in response to the death of Soleimani. While Saturday’s attack appears to be rather unsophisticated, the fear is that hackers with more advanced skills could inject malware into websites and cause major disruptions of U.S. infrastructure or the financial and energy sectors.
State-sponsored Iranian hackers have proven successful in the past. In 2016, seven Iranians “conducted a coordinated cyber attack on dozens of U.S. banks, causing millions of dollars in lost business, and tried to shut down a New York dam, the U.S. government said on Thursday in an indictment that for the first time accused individuals tied to another country of trying to disrupt critical infrastructure,” according to a Reuters report.
Christopher C. Krebs, Director of the Cybersecurity and Infrastructure Security Agency (CISA), warned that Iran could target U.S. assets to avenge the death of Suleimani.
“Given recent developments, re-upping our statement from the summer,” Krebs warned on Twitter. “Bottom line: time to brush up on Iranian TTPs and pay close attention to your critical systems, particularly ICS. Make sure you’re also watching third party accesses!”
In June, CISA warned that Iranian actors or proxies could attack U.S. targets utilizing destructive “wiper” tools.
“CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies,” CISA said. “Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”
“In times like these it’s important to make sure you’ve shored up your basic defenses, like using multi-factor authentication, and if you suspect an incident – take it seriously and act quickly,” the statement concluded.
John Hultquist, director of intelligence analysis at cybersecurity firm FireEye warned, “We will probably see an uptick in espionage, primarily focused on government systems, as Iranian actors seek to gather intelligence and better understand the dynamic geopolitical environment. We also anticipate disruptive and destructive cyberattacks against the private sphere.”
“Iran has leveraged wiper malware in destructive attacks on several occasions in recent years,” he explained. “Though, for the most part, these incidents did not affect the most sensitive industrial control systems, they did result in serious disruptions to operations. We are concerned that attempts by Iranian actors to gain access to industrial control system software providers could be leveraged to gain widespread access to critical infrastructure simultaneously. In the past, subverting the supply chain has been the means to prolific deployment of destructive malware by Russian and North Korean actors.”
While Saturday’s attack on a minor federal agency seems insignificant, it could be a harbinger of more sophisticated Iranian cyber attacks in an effort to hurt the U.S. in response to the death of Iran’s top terrorists.
“The Department of Homeland Security stands ready to confront and combat any and all threats facing our homeland,” Acting Secretary Chad F. Wolf said on Friday. “While there are currently no specific, credible threats against our homeland, DHS continues to monitor the situation and work with our Federal, State, and local partners to ensure the safety of every American.”