A Turkish hacktivist defaced a subdomain of the President-Elect’s campaign website.
A subdomain used by US President-elect Joe Biden’s official campaign website was defaced last week by a self-proclaimed Turkish ‘hacktivist’ & still remains out of commission.
The subdomain, vote.joebiden.com, was part of the official campaign website JoeBiden.com used by the Biden campaign leading up to the 2020 US Presidential Election.
On Nov. 18, the subdomain reportedly began to show a message in Turkish. In this message, the hacker claims to be “RootAyy1ld1z,” a “Turkish & Muslim Defacer” who is not a group or organisation, but who “fights alone.”
Polling Centres
This subdomain was used by the Biden campaign help voters find polling centres, find a campaign event & offer state-specific voter guides. Post-election, the subdomain forwarded traffic to the self-serve voter registration information website “I WILL VOTE“.
This separate website, maintained by the Democratic National Committee (DNC), offers state-specific vote-by-mail & voter registration verification services.
“Like many organisations who quickly throw together a website or subdomain, likely missing some important cyber-security best practices, this time a subdomain ‘vote.joebiden.com’ of presidential elect Joe Biden has become the latest victim of website defacing,” Joseph Carson, Chief Security Scientist & advisory CISO at Thycotic, explained.
National Security Issue
“This of course is more of an embarrassment than a national security issue, however, it does raise important questions on ensuring that cyber-security is a top priority for the incoming administration.”
The message, in Turkish, threatened Turkey’s opponents as well as US-backed political parties in Turkey. It also featured a photo of Sultan Abdul Hamid II, who was the 34th Sultan of the Ottoman empire from 1876 to 1909.
“We are the ones who stopped the tanks with their bare hands on the night of July 15. We are those who killed death that night,” a translated (via Google Translate) English version of the message concluded, likely referring to the 2016 Turkish coup d’etat attempt.
Inaccessible
As of Nov. 23, the domain remains inaccessible. Biden’s main campaign website, joebiden.com, does not appear to be affected by the hack.
While there’s no indication as to how the bad actor accessed the website, popular methods for compromise can include vulnerabilities in 3rd-party plugins & stolen login credentials.
The website hack also comes amid a Wall Street Journal report that the Federal Govt. is offering minimal assistance to Biden’s transition team when it comes to securing email & other communications.
With the release of resources & support following the Nov. 23 GSA determination of ‘the apparent winner’, this will immediately change.
Deface
“As additional data & searches indicate that the CMS was hacked to deface the subdomain’s web content, a lot more would have been possible than just a ‘political statement’ from a hacktivist,” Dirk Schrader, Global VP at New Net Technologies (NNT), outlined.
“A different content playing to the bias of parts of the population might have caused bigger issues. As it took the cyber-security team more than 24 hours to realise the defacement & to take action, this incident demonstrates again how important it is to keep an eye on your full exposure & have constant monitoring & change control in place.”
Website Hacks
US Govt. website defacements have appeared, particularly with the US Presidential Elections being Nov. this year.
Hackers took over President Trump’s 2020 election campaign website in Oct., replacing parts of the site with a cryptocurrency scam before returning it to its original content several minutes later.
In Jan., a US Govt. website was vandalised by hackers who posted images of a bloodied US President Donald Trump being punched in the face & pro-Iran messages.
50 Websites
In Sept. the US Dept. of Justice (DoJ) indicted 2 hackers, including 1 teenager, for allegedly vandalising more than 50 websites hosted in the US with pro-Iran messages.
“Incidents, such as this, are a reminder how important it is to have top cyber-security experts in the new administration to ensure mistakes like these do not happen,” Carson concluded.
https://www.cybernewsgroup.co.uk/virtual-conference-january-2021/