Cyber Incident Victim: Stewart County, Tennessee
Date:
Jan 2015
Location:
United States of America
Summary
Hackers claiming ISIS affiliation compromised media Twitter accounts and potentially accessed FBI databases, posting sensitive documents including federal bulletins, government contracts, court records, and personal information such as driver's licenses and criminal histories. The attackers infiltrated a television station's systems via employee credentials, later accessing additional accounts, and exfiltrated data from Stewart County, Tennessee's servers, which the mayor confirmed as a breach of their secured systems. The incident exposed private citizen details from New Mexico through leaked spreadsheets and corrections records, with all stolen materials disseminated via PasteBin. The FBI initiated an investigation, though no local connections or motives for targeting these specific entities were identified by the affected organizations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 4 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 6, 2015, hackers identifying as the "CyberCaliphate" and claiming ISIS affiliation compromised the Twitter account and website of CBS affiliate WBOC-TV in Delmarva, Maryland. The attackers posted militant messages alleging they had infiltrated FBI databases across the United States, specifically referencing operations in New Mexico and Tennessee. Tweets threatened further attacks with statements such as "INFIDELS, NEW YEAR WILL MAKE YOU SUFFER" and "#CyberCaliphate." During the breach, the hackers linked to documents originating from Stewart County, Tennessee, hosted on PasteBin. Stewart County Mayor Rick Joiner confirmed the legitimacy of these documents, which included federal bulletins on managing Ferguson-related protests, government invoices, contracts, court records, and official correspondence. Mayor Joiner stated the materials were stolen from the county’s supposedly secure servers administered by an external contractor, expressing shock at the unprecedented breach. WBOC General Manager Craig Jahelka verified the station regained control of its website but remained locked out of its Twitter account despite contacting the platform for assistance.
The attackers gained initial access through compromised credentials of a WBOC news department employee, subsequently deducing login details for two additional staff accounts. Jahelka ruled out involvement by current or former disgruntled employees, noting no recent staffing changes. Simultaneously, the Albuquerque Journal’s Twitter account was breached, exposing personal information including driver’s licenses, criminal records, addresses, and phone numbers of hundreds of New Mexico residents. Hackers claimed to have extracted this data directly from citizens’ computers. Both incidents utilized PasteBin to disseminate stolen documents. The FBI initiated an investigation into the breaches, though no motive for targeting WBOC—a mid-market station with no apparent connection to geopolitical conflicts—was identified. Stewart County officials planned discussions with their server contractor to address security vulnerabilities while awaiting further federal guidance.