The Department of Justice (DoJ) has indicted two hackers – including one teenager – for allegedly vandalizing more than 50 websites hosted in the U.S. with pro-Iran messages.
The indictment, unsealed on Tuesday, names Behzad Mohammadzadeh, a national of the Islamic Republic of Iran who is believed to be 19 years old, and Marwan Abusrour, a stateless national of the Palestinian Authority, who is believed to be 25 years old. Both were charged with one count of conspiring to commit intentional damage to a protected computer and one count of intentionally damaging a protected computer.
The defendants are believed to be living in Iran and Palestine and are wanted by United States authorities.
“These hackers are accused of orchestrating a brazen cyber-assault that defaced scores of websites across the country as a way of protesting and retaliating against the United States for killing the leader of a foreign terrorist organization,” said Joseph Bonavolonta, special agent in charge of the FBI Boston division, in a Tuesday statement. “Now, they are wanted by the FBI and are no longer free to travel outside Iran or Palestine without risk of arrest.”
The website defacement came after conflict between the U.S. and Iran peaked earlier in 2020, when U.S. drones on Jan. 3 killed Qassem Soleimani, an Iranian general with the Islamic Revolutionary Guard Corps who was highly esteemed in Iran. On the heels of Soleimani’s killing, Iranian leaders vowed retaliation.
On the heels of this incident, Mohammadzadeh and Abusrour allegedly worked together to deface 51 websites hosted in the U.S. Some of them were hosted on computers owned by a company with corporate headquarters in Massachusetts. The two allegedly replaced the content of these websites with pictures of Soleimani against a background of the Iranian flag, along with the message, in English, “Down with America.” The two hackers allegedly took credit online for their website defacements.
The website of at least one U.S. government agency – the Federal Depository Library Program (FDLP) website – was also defaced during this time, with hackers behind the attack referencing Soleimani’s death on the FDLP landing page, and including a picture of a bloodied President Donald Trump being punched in the face and pro-Iran messages. However, it’s not clear if this website was one of the 51 allegedly targeted by Mohammadzadeh and Abusrour.
Mohammadzadeh and Abusrour were allegedly defacing websites long before the Jan. 2 incident. According to the indictment, Mohammadzadeh has publicly claimed to have personally defaced more than 1,100 websites around the world with pro-Iranian and pro-hacker messages, beginning in 2018.
Abusrour, meanwhile, is a self-described spammer (who sends unsolicited emails for profit), as well as an illicit trader in stolen credit cards. He has publicly claimed to have defaced at least 337 websites around the world, activity he allegedly began no later than June 6, 2016, and continued through at least July of this year.
The two allegedly started working together on or about Dec. 26, when Abusrour began providing Mohammadzadeh with access to compromised websites. While the DoJ did not specify how the two allegedly accessed the websites, popular methods for compromise can include vulnerabilities in third-party plugins and stolen login credentials.
According to the DoJ, the charge of conspiring to commit intentional damage to a protected computer provides for a sentence of up to five years in prison, three years of supervised release and a fine of $250,000 or twice the gain or loss (whichever is greatest). Meanwhile, the charge of intentionally damaging a protected computer provides for a sentence of up to 10 years in prison, three years of supervised release and a fine of $250,000 or twice the gain or loss (whichever is greatest).
“Today’s indictment should send a powerful message that we will not hesitate to go after anyone who commits malicious cyber intrusions against innocent Americans in order to cause chaos, fear and economic harm,” said Bonavolonta in the statement.