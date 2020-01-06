Loading...

The Federal Deposit Library Program website that was released on January 5.

The Federal Deposit Library Program home page as published in November.

Scoreboard from IRAN-CYBER on Zone-H.

After the assassination of the Iranian Revolutionary Guard general Qassem Soleimani by an MQ-9 Reaper strike on January 2, the U.S. Department of Homeland Security warned of possible cyber attacks on critical infrastructure by Iran. This warning probably did not apply to the website of the Federal Deposit Library program, which is operated by the US government printing press. This was blurred on January 4 with a pro-Iranian embassy and the image of a bloody president, Donald Trump, who was beaten by an Iranian fist.

The FDLP website is no stranger to blemish attacks. A brief analysis of a security researcher’s attack using the Twitter username @sshell_ revealed that the website had been blurred twice in the past 10 years – most recently in 2014 when it was replaced with an electronic dance music video featuring a dancing cat. Based on a fingerprint of the site files, the site code – based on the Joomla content management system – has not been updated since 2012. There were modules on the site that used a version of Joomla’s RSForm that had been marked “marked” 11 months ago, prone to an SQL injection attack.

While there was no metadata attached to the Trump image, another image with text contained Exchangeable Image File Format (EXIF) data, indicating that it was created in 2015 with Adobe Photoshop CS 6 for Windows a user who identifies himself as IRAN-CYBER in the “Cybercrime Archive” Zone-H.

Zone-H offers a kind of scoreboard for hackers, with which they can report their actions anonymously. IRAN-CYBER reported 2,447 disfigurements from 2015 – most of which are opportunistic attacks on poorly protected locations.

The media reported extensively on the blemish of the FDLP website as it has been linked to the threat of retaliation by Iran. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) was forced to respond to reports, with a spokesman remarking that “there is no confirmation that this was done by Iranian state-sponsored actors.”