Iranian cyberterrorists attacked the Voice of America’s websites on Sunday and Monday nights, temporarily filling the sites with anti-American propaganda. The Voice of America is the official external radio and television broadcasting service of the United States government.
The first attack took place on Sunday night and a second attack followed at approximately 8 p.m. Eastern time Monday. In both, a message attributed to the “Iranian Cyber Army” was posted on both the main Voice of America website and on dozens of auxiliary foreign language services.
Early word of the attack came from the @PiratesWeek Twitter account, a feed devoted to the shortwave pirate radio community.
The Iranian Cyber Army’s hack jpeg displays an AK-47 and an Iranian flag. The text of the message calls on America, in badly written English, to cease supporting the Arab Revolutions of 2011:
We have proven that we can
Mrs. Clinton Do you want to hear the voice of oppressed nations will from heart of USA?
Islamic world doesn’t believe USA trickery.
We call on you to stop interfering in Islamic countries.
Adding credence to the theory that this is an actual Iranian cyberattack, the state-affiliated Fars News Agency posted a story praising the cyberattack and the subsequent damage done to “the progress of seditious moves in Iran”:
The move came in response to the false reports released by the VOA and other websites on the spread and progress of seditious moves in Iran.
VOA and its affiliates have long been supporting anti-Islamic Republic groups and sought to provoke unrest in Iran.
The Voice of America is the official external radio and television broadcasting service of the United States’ federal government, but it acts as a complementary and media arm of the U.S. spy agencies.
A long list of hacked VOA websites indicates the Iranian cyberterrorists also targeted Dari, Pashto, Somali, and Albanian-language sites.
Writing at The Tech Herald, Steve Ragan worryingly notes that we still don’t know what security hole the Iranians used to hack the Voice of America:
So what happened this time? The short answer is that no one knows yet.
Many of the domains listed by the ICA as hacked share a common thread, Network Solutions. However, voanews.com, the master domain, does not appear to use Network Solutions at all.
At the same time, voanews.net, voanews.org, voanews.info, voahp.com, voanews.us, as well as many others, resolve to a Network Solutions holding page or point to the ICA message on voanews.com. In addition, they use DNS hosting from WorldNIC, a Network Solutions company.
It is possible that the Network Solutions account was compromised, and then with that access, voanews.com was defaced thanks to a shared password. However, most of the domains pointed to the main URL before the defacement. So this could be a case where single compromise covered 93 additional domains simply due to the nature of their hosting.
The Iranian Cyber Army was previously involved in attacks on Twitter and Chinese websites. This is their first high-profile web attack of 2011.
Just last week the Voice of America’s parent agency, the Broadcasting Board of Governors, announced plans to cancel all Chinese-language shortwave broadcasts in favor of internet broadcasting. But as this incident shows, it is much easier to hack a website than to jam a radio station.