Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management

2 Alleged Hackers Indicted for Defacing US Websites

DOJ: Campaign Was Retaliation Following Death of Iranian General
2 Alleged Hackers Indicted for Defacing US Websites
A website that was defaced with a photo of Iranian Major General Qasem Soleimani added (Source: DOJ)

The Justice Department has unsealed an indictment of two alleged hackers for defacing over 50 U.S. websites in what federal prosecutors call a campaign of retaliation following the death of Iranian Major General Qasem Soleimani earlier this year.

See Also: Live Webinar | Unlocking the Full Potential of Public Key Infrastructure

The two alleged hackers, Behzad Mohammadzadeh, of Iran, and Marwan Abusrour, a stateless national of the Palestinian Authority, are each charged with conspiring to commit intentional damage to a protected computer and intentionally damaging a protected computer.

The conspiracy charge carries a maximum federal prison sentence of five years and a $250,000 fine, while the charge of intentionally damaging a protected computer is punishable by a prison term of up to 10 years as well as a $250,000 fine.

Mohammadzadeh is believed to be living in Iran, while the Justice Department suspects Abusrour lives in the Palestinian territories. So it's not clear if the two will ever face the charges in the U.S.

The website defacements started in January following the death of Soleimani, who was killed along with several others in a U.S. drone strike at a Baghdad airport (see: US Conflict With Iran Sparks Cybersecurity Concerns).

While the indictment does not name any of the websites allegedly targeted by Mohammadzadeh and Abusrour, U.S. officials found several government sites, including the site of the U.S. Federal Depository Library Program, had been altered with pro-Iranian and anti-American messages a few days after Soleimani's death was announced (see: US Government Website Defaced With Pro-Iran Message).

Prosecutors say websites were defaced with pictures of Soleimani against a background of the Iranian flag along with the message, in English, "Down with America."

History of Hacking

Before Mohammadzadeh and Abusrour started working together in December 2019, each was involved in other hacking campaigns, according to the Justice Department.

Since 2018, Mohammadzadeh, aka "Mrb3hz4d," allegedly has defaced more than 1,100 websites around the world with what the Justice Department calls pro-Iranian and pro-hacker messages.

Abusrour, who uses the online handle "Mrwn007," has allegedly been involved in spam campaigns, carding schemes and black-hat hacking operations since at least 2016, prosecutors say. He has claimed to have defaced more than 330 websites around the world.

January Attacks

Starting in December 2019, Abusrour allegedly began providing Mohammadzadeh with access to compromised websites, according to the federal indictment.

After Soleimani's death in January, Mohammadzadeh allegedly began defacing over 50 websites in the U.S., including one that belonged to a private company headquartered in Massachusetts, prosecutors say.

In some cases, Mohammadzadeh posted about defacing these websites on Zone-H, an archive where hackers often brag about defacing websites, as well as on social media accounts, according to the indictment.

Later in January, Abusrour allegedly provided Mohammadzadeh with access to another seven websites, which the two men then defaced with similar images of Soleimani and text, according to the Justice Department. The two hackers also took credit for the website defacements.


About the Author

Prajeet Nair

Prajeet Nair

Principal Correspondent

Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.