Cyber Incident Victim: British National Party
Date:
May 2014
Location:
United Kingdom
Summary
The British National Party experienced a compromise of its official website and Twitter account by a hacker claiming affiliation with Anonymous. The attacker defaced a website subdomain with imagery associated with the group and altered the Twitter profile to sarcastically promote pro-immigration views, contradicting the party's stance. Offensive messages were disseminated through the hijacked account targeting UK parliament members and other users. The hacker stated the intrusion was opportunistic rather than ideologically motivated, indicated no geographical ties to the UK, and suggested potential Asian origins for the operation. While the organization attempted to regain control by publishing some content, the attacker's modifications and messages remained visible at the time of reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On May 2, 2014, the British National Party (BNP), a far-right UK political organization, experienced a coordinated compromise of its digital assets. An attacker claiming affiliation with Anonymous breached both the party’s official Twitter account and the communications.bnp.org.uk subdomain of its website. The Twitter account hijacking involved the publication of anti-government messages, including offensive tweets directed at members of the British Parliament and other users. The hacker altered the account’s profile description to falsely state “BNP, the pro-immigration party,” directly contradicting the party’s anti-immigration stance. Simultaneously, the attacker defaced the website subdomain, replacing its content with an image of an individual wearing a Guy Fawkes mask seated at a computer, accompanied by the text “Hacked by Anon_0x03, [Expletive] the Government!” The BNP published some messages on the compromised Twitter account on the morning of the incident, but all malicious tweets remained visible on the feed at the time of reporting, indicating incomplete containment.
The attacker stated the BNP was a random target and offered to transfer control of the Twitter account to another user, clarifying they were not based in the United Kingdom. No specific political motive beyond general anti-government sentiment was articulated, though the article noted the BNP’s ideology aligned with typical targets of Asian hacktivist groups. The scope of the incident included unauthorized access to social media and web infrastructure, with defacement confined to a subdomain rather than the primary website. The BNP’s ability to partially resume Twitter activity suggested some account access was regained, but the persistence of the attacker’s tweets and the defaced subdomain at the time of reporting indicated unresolved compromises. No additional remediation actions, third-party disclosures, or technical countermeasures by the BNP were documented in the available source material. The operational impacts included prolonged public visibility of unauthorized content and reputational distortion through the altered profile description.