Cyber Incident Victim: University of Toronto
Date:
Apr 2015
Location:
Canada
Summary
The University of Toronto's mobile website was compromised by two separate hacker groups in a single day. Pro-ISIS Algerian hackers known as Team System DZ defaced the site with anti-U.S. and anti-Israeli messages promoting jihad and supporting ISIS, followed by a pro-Palestinian hacker using the alias HalaKo who replaced the content with a "#SaveGaza" message. Both attacks resulted in the display of unauthorized political statements, rendering the website inaccessible after the defacements were eventually removed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On April 14, 2015, the University of Toronto's official mobile website (mobile.utoronto.ca) was compromised by pro-ISIS hackers identifying themselves as Team System DZ, an Algerian-based group known for targeting high-profile websites. The attackers replaced the site's content with a defacement page containing anti-U.S. and anti-Israeli rhetoric, along with explicit support for ISIS and its objectives. Their message declared allegiance to jihad, criticized Western governments for killing Muslims, and vowed that the Islamic State would "restore dignity of Muslims" by purging "hypocrite infidels" from Muslim lands. The defacement included the statement: "Hacked by Team System DZ! I am a Muslim and I love jihad, I love ISIS <3." This incident marked the first known cyberattack against the university by this particular threat actor, though Team System DZ had previously established notoriety for similar website defacements targeting other institutions.
Later the same day, the same mobile.utoronto.ca domain experienced a second compromise by a different threat actor using the handle "HalaKo," who identified as pro-Palestinian. This subsequent defacement replaced the ISIS-related content with a message stating: "Hacked by HalaKo! We are the best of the rest | Free Palestine ! #SaveGaza- Palestinian hacker." Both attacks left publicly accessible defacement pages, with Zone-h.org providing mirror evidence confirming both breaches. By April 17, 2015, when media reported the incidents, the university had removed the defacement images but had not fully restored website functionality, leaving mobile.utoronto.ca unreachable to users. The dual compromises demonstrated vulnerabilities in the university's web infrastructure, though no data theft or broader system impacts beyond the defacements were documented in available reports. The incident drew attention due to its politically motivated messaging and the rare occurrence of two distinct hacker groups sequentially targeting the same web property within hours.