Cyber Incident Victim: American Human Rights Council
Date:
Sep 2016
Location:
United States of America
Summary
A hacker using the alias MuslimLeets (Muj4hida) compromised the American Human Rights Council's servers, leading to the defacement of its website and 62 others hosted on the same infrastructure, including sites belonging to medical, legal, real estate, and Arab-Muslim organizations. The attacker replaced content with grammatically flawed messages promoting jihad, condemning Western culture, and asserting Quranic law as supreme. The breach forced two Arab-Muslim political groups to completely shut down their websites. The hosting provider, Novocam, described the incident as its most sophisticated attack to date, requiring server replacement and restoration from backups. The organization's leadership condemned the hack as an act of extremism targeting human rights advocacy but affirmed their resolve to continue operations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 14-16, 2016, a hacker using the alias MuslimLeets (also identified as Muj4hida) executed a coordinated cyberattack targeting 63 websites, including the American Human Rights Council (AHRC), the American Muslim Leadership Council (AMLC), and the Arab and Muslim American Political Action Committee (AAPAC). The attack primarily involved website defacements, with the hacker gaining unauthorized access to AHRC’s servers hosted by Novocam, a Detroit-based web hosting provider. This initial breach enabled the compromise of dozens of other websites sharing the same server infrastructure, impacting businesses and organizations across multiple sectors, including medical, legal, and real estate entities. Novocam founder Mohammad Abdulaziz confirmed the attack originated through AHRC’s site before propagating laterally to other clients. The hacker replaced legitimate website content with a grammatically flawed English-language message addressing "Muslim peoples" and "governments of all worlds," urging recipients to reject Western cultural influences, adhere strictly to Quranic law, and support jihadist causes in conflict zones like Syria, Palestine, Iraq, Burma, and Africa. The message concluded with "Asalamu Alaikum" (peace be upon you).
AHRC Executive Director Imad Hamad publicly acknowledged the breach on the organization’s website, confirming server infiltration and characterizing the incident as an act of extremism targeting human rights advocacy. Novocam’s security team, alongside law enforcement, initiated an investigation, with seven network administrators working to identify the attack’s origin. Abdulaziz described the intrusion as the "most sophisticated hack" the firm had encountered despite facing weekly intrusion attempts, necessitating the complete decommissioning of the compromised server. All affected websites were temporarily shut down during containment, with Novocam prioritizing the restoration of services using pre-existing backups. Hamad emphasized the attack would not deter AHRC’s mission, framing it as evidence of their effectiveness in provoking backlash from groups opposed to human rights principles. The defacement messages were removed within hours, and full technical recovery was anticipated within a day. No data theft or secondary malware deployment was reported, with the incident confined to service disruption and reputational signaling via defacement.