Cyber Incident Victim: City of Perrysburg, Ohio
Date:
Jan 2015
Location:
United States of America
Summary
The official website of Perrysburg, Ohio, was compromised and defaced by a hacker known as Dr.SHA6H, who left an anti-government message addressing the Syrian crisis. The attack disrupted municipal services, including police and public service departments, prompting an investigation involving local authorities and the FBI. The hacker, previously linked to high-profile breaches such as a major U.S. bank, targeted the city's platform to propagate political statements. Services were restored following the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 16, 2015, the official website of Perrysburg, Ohio (ci.perrysburg.oh.us) was hacked and defaced by an individual using the alias Dr.SHA6H, a Syrian hacker known for opposing the Bashar Al-Assad regime. The attack occurred in the early morning hours, with the hacker replacing the city's homepage with a custom defacement page containing a political message criticizing global governments for their inaction regarding the Syrian crisis. The compromised website served multiple critical functions beyond municipal information dissemination, including hosting content for the Perrysburg Police Department and the Department of Public Service (DOPS), amplifying the incident's significance. Evidence of the hack was preserved through a mirror on Zone-h.org (ID 23539959), which displayed the defaced page featuring the hacker's signature anti-Assad imagery and rhetoric. This marked a continuation of Dr.SHA6H's pattern of high-profile cyber intrusions, having previously targeted major entities like U.S. Bank's website in 2014. The defacement remained publicly visible until restoration efforts were completed prior to the publication of reporting on the same day.
The Perrysburg Police Department initiated an immediate investigation into the breach, collaborating with the Federal Bureau of Investigation (FBI) due to the cross-jurisdictional nature of the attack and the hacker's known transnational activities. No data theft or secondary compromises beyond the website defacement were reported in available documentation. The incident disrupted access to municipal services hosted on the domain, though functionality was restored within hours of detection. The attacker's choice of target—a local government platform hosting law enforcement resources—highlighted the operational convergence of civic infrastructure and digital vulnerability. Historical context indicated Dr.SHA6H consistently leveraged website compromises as a medium for political messaging rather than financial gain, with this incident reinforcing his established modus operandi. Restoration efforts focused on removing the defaced content and restoring original municipal web services without public disclosure of technical remediation measures.