Cyber Incident Victim: American Human Rights Council
Date:
Sep 2016
Location:
United States of America
Summary
A hacker using the alias MuslimLeets (also known as Muj4hida) compromised the American Human Rights Council's servers, leading to the defacement of its website and 62 others hosted on the same infrastructure, including businesses operated by medical professionals, legal practitioners, and real estate agencies, as well as two Arab-Muslim advocacy groups whose sites were forced offline. The attacker replaced content with poorly written English messages urging Muslims to reject Western culture and embrace jihad, citing conflicts in Syria, Palestine, and other regions. The hosting provider Novocam and law enforcement investigated the incident, with Novocam describing it as their most sophisticated breach to date despite frequent hacking attempts. While the compromised server was slated for replacement, all affected sites were expected to be restored from backups. The targeted organization condemned the attack as an act of extremism but affirmed its commitment to continuing human rights advocacy.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Between September 14 and 16, 2016, a hacker operating under the aliases MuslimLeets and Muj4hida executed a coordinated cyberattack targeting the American Human Rights Council (AHRC) and 62 additional websites hosted on the same server infrastructure managed by Novocam, a Detroit-based web hosting provider. The attacker compromised AHRC's servers first, subsequently leveraging this initial breach to deface all other sites sharing the affected Novocam server. The impacted entities spanned multiple sectors, including medical practices, legal offices, real estate agencies, and two prominent Arab-Muslim organizations—the American Muslim Leadership Council (AMLC) and the Arab and Muslim American Political Action Committee (AAPAC). Both AMLC and AAPAC experienced full website outages due to the intrusion.
The attacker replaced legitimate website content with a message written in grammatically flawed English, addressing "Muslim peoples" and world governments. The statement referenced conflicts in Syria, Palestine, Iraq, Burma, Chichan, Africa, and Asia, urging recipients to reject Western cultural influences and adhere strictly to Quranic law. Novocam founder Mohammad Abdulaziz characterized the incident as the most sophisticated attack against their systems to date, despite weekly attempted breaches, necessitating seven network administrators to investigate the intrusion vector. AHRC Executive Director Imad Hamad confirmed unauthorized server access and interpreted the attack as retaliation from extremist groups opposed to human rights advocacy. Novocam removed the defaced content, decommissioned the compromised server, and restored all affected websites from backups within hours. Law enforcement agencies collaborated in the ongoing investigation, though the specific technical methods of infiltration remained undetermined at the time of reporting. AHRC publicly reaffirmed its commitment to continuing human rights work despite the disruption.