MS Risk Blog

ISIS Cyberattack on TV5Monde; FBI issues warning

Posted on in Cyber, ISIS, Terrorism title_rule

An “extremely powerful” cyberattack claimed by supporters of Islamic State of Iraq and il Sham (ISIS) has left French broadcaster TV5Monde working to regain control of its 11 news channels and websites for three hours. The attack occurred around 10 pm local time. Hackers took down the television channels and posted material on the broadcaster’s Facebook and Twitter feeds. The station’s network director, Yves Bigot, said operations were “severely damaged.” The station’s programming and Facebook page are now back up, but its website remains under maintenance.

The hackers posted documents on the TV5Monde Facebook page which they claim are the identity cards of relatives of French soldiers involved in anti-Islamic State operations. The hackers also posted threats against the troops. France is part of the international coalition fighting against ISIS insurgents.

TV5Monde, which broadcasts around the world, is working with police and national security to determine how their security was breached. It is not yet known how the group accessed station operations, but it appears to have been conducted by the “Islamic State Hacking Division.” The hackers referred to themselves as the “CyberCaliphate” on TV5Monde’s Facebook page, which also took credit for the recent hacking of US military servers.

The station has restored broadcast of one signal across all of their channels, however they cannot “send out pre-recorded broadcasts nor restart the production of our news shows,” according to Bigot. He added that it could take days for broadcasts to return to normal, adding that the attack must have required “weeks” of planning. The station is broadcast in nations around the world, including the US, Canada and Britain.

A day before the attack on TV5Monde, the US Federal Bureau of Investigation (FBI) warned that attackers claiming to be sympathetic to the extremist group ISIS are targeting websites that have vulnerable WordPress plugins.

WordPress is a website hosting system which also has a community third-party developers who have created some 37,000 plugins. Occasionally, security vulnerabilities in one of the plugins can put a large number of websites at risk by allowing hackers to gain unauthorized access, inject scripts, or install malware on the affected sites. The attackers have reportedly hit news organizations, religious institutions, and commercial and government websites. The hackers have defaced websites that share some of the common WordPress plugins with vulnerabilities that are easily exploited, the FBI said.

The FBI advisory states, “Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems.” The attackers have voiced support for ISIS; they are likely conducting attacks in order to gain notoriety.

On Tuesday, the security company Sucuri issued an advisory for a flaw it found in the WP-Super-Cache plugin. The plugin is utilised by up to a million WordPress sites.  The vulnerability in the plugin could allow an attacker to add a new administrator to a site, or create a “backdoor” using WordPress’s theme edition tools.

The same day as the FBI warning was issued, The homepage of showed a photograph of a soldier with their face covered, alongside the words “ISLAMIC STATE HACKERS”

“Hacked By Moroccanwolf and ABdellah elmaghribi ~ Moroccan Attacker ~ I love IS”.

The image remained on the site for six hours before it was removed. CEO of Irish Autism Action, Kevin Whelan, confirmed that the hack “appears to have happened to a number of sites” and was not directed at the charity in particular. It is likely that the hackers scanned several websites to identify vulnerable sites, and conducted hacks at random. The Dublin Rape Crisis Centre were also part of a worldwide hack affecting users of a vulnerable WordPress plugin.