Cyber Incident Victim: WBOC
Date:
Jan 2015
Location:
United States of America
Summary
Hackers claiming ISIS affiliation compromised a television station's Twitter account and website, along with a newspaper's social media, under the "CyberCaliphate" banner. The attackers accessed the media outlet's systems via employee credentials, subsequently exfiltrating and publishing sensitive documents including FBI-related threats, Tennessee county government records, and New Mexico residents' personal information such as driver's licenses and criminal histories. Stolen data was disseminated through PasteBin, with the hackers asserting breaches of FBI databases and local government servers. The impacted television station regained control of its website but remained locked out of Twitter during the incident, while officials confirmed the legitimacy of leaked documents and ruled out insider involvement. Federal authorities initiated an investigation into the breaches.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 6, 2015, hackers identifying themselves as "CyberCaliphate" and claiming affiliation with ISIS compromised the Twitter account and website of CBS affiliate WBOC-TV in Delmarva. The attackers posted multiple militant messages alleging FBI database breaches, including threats such as "INFIDELS, NEW YEAR WILL MAKE YOU SUFFER" and claims of expanding operations from New Mexico to Tennessee. WBOC General Manager Craig Jahelka confirmed the station regained control of WBOC.com but remained locked out of their Twitter account despite contacting the platform. Forensic analysis indicated the attackers initially accessed the system using login credentials belonging to a news department staff member, then leveraged this access to compromise two additional employee accounts. Jahelka explicitly ruled out involvement by current or former disgruntled employees, noting no recent staffing changes. The motivation for targeting this mid-market television station remained unclear to management, with Jahelka questioning why WBOC was selected among approximately 1,200 major network affiliates nationwide.
The attackers disseminated sensitive documents through WBOC's Twitter account, linking to a repository containing stolen Stewart County, Tennessee government records. Stewart County Mayor Rick Joiner verified the authenticity of leaked materials, which included federal bulletins on Ferguson protest policing strategies, government contracts, court documents, and official correspondence. Joiner confirmed these were exfiltrated from what was believed to be secure county servers administered by a third-party contractor. Concurrently, the Albuquerque Journal's Twitter account was compromised by the same group, exposing personal identification documents, sealed criminal records, and spreadsheets containing hundreds of New Mexico residents' addresses and phone numbers. Both breaches utilized PasteBin for document distribution. WBOC management confirmed FBI involvement in investigating the incidents, though no further law enforcement details were disclosed at the time of reporting. The attacks demonstrated unauthorized access to multiple organizational systems and government databases, resulting in widespread exposure of sensitive personal and operational information.