Cyber Incident Victim: Hardin Center
Date: Aug 2015
Location: United States of America
Summary
A Kurdish hacker known as MuhmadEmad defaced websites belonging to the Etowah County Sheriff’s Office and Hardin Center, displaying a Kurdish flag, contact information, and an anti-Islamic State message. The attacker, previously associated with Anonymous Kurdistan, has a history of targeting entities perceived as supporting ISIS, including Turkish government sites. Both organizations detected the compromise on a Saturday afternoon, with the Hardin Center deputy director attempting immediate removal of the defacement due to reputational concerns. Collaborative efforts between the two entities led to temporary site takedowns by evening, though restoration faced initial challenges. The sites were fully restored shortly after the incident, with no disclosed motive for the specific targeting beyond the hacker’s established anti-ISIS agenda.
Description
On August 1, 2015, the websites of the Etowah County Sheriff’s Office and the Hardin Center in Alabama were compromised by a hacker identifying as MuhmadEmad. Both domains displayed a defacement page featuring a Kurdish flag, the hacker’s Gmail contact, and the message “HaCKeD by MuhmadEmad, Long Live to peshmarga, KurDish HaCkerS WaS Here,” accompanied by explicit anti-Islamic State rhetoric. The attack was discovered on Saturday afternoon when visitors encountered the unauthorized content. Tom Banks, Hardin Center Deputy Director, confirmed the websites were operational earlier that day, indicating the intrusion occurred shortly before detection. Initial assessments suggested the hacker’s motives might relate to opposition to Turkish airstrikes against Kurdish territories, allegedly supported by the United States, though no explicit claim or justification was provided by the attacker. Both organizations immediately collaborated to contain the incident, prioritizing the removal of the defaced content to prevent further public exposure.

Efforts to delete the hacker’s message or restore normal operations faced technical challenges, as the defacement persisted despite intervention attempts. By 6:00 PM on Saturday, both entities disabled their websites entirely to mitigate the incident’s visibility. The Hardin Center temporarily reactivated its site but failed to remove the defacement before taking it offline again. Forensic evidence, including Zone-H mirror links, confirmed the compromise of http://etowahcountysheriff.com and http://culturalarts.com (the Hardin Center’s domain). By August 4, 2015, when the incident was publicly reported, both websites had been fully restored to operational status. MuhmadEmad, previously associated with the “Anonymous Kurdistan” collective, had a documented history of targeting Turkish government sites with similar defacements, accusing Turkey of supporting ISIS. No data theft, service disruption beyond the defacement period, or additional collateral impacts were disclosed by the affected organizations.
