Cyber Incident Victim: US Army Picatinny Arsenal

On March 30, 2015, the official website of the U.S. Army Picatinny Arsenal’s Joint Munitions & Lethality Life Cycle Management Command (JM&L LCMC) was compromised and defaced by Saudi hackers identifying themselves as Team Bad Dream. The attackers, using the aliases TrYaG Al Arab, 1337kSa, and Faisal Al Hamzi, replaced the site’s content with a defacement page displaying an image of Saudi Arabia’s King Salman bin Abdulaziz Al Saud and a bilingual message. The English portion read, "Oh Oh… Hi U.S. Army We are: TrYaG Al Arab, 1337kSa and Faisal Al Hamzi," while the Arabic text translated to, "We don’t care about anybody….Those who let us down do not affect us." The defacement file, named ksa.jpg, was publicly accessible on the Army’s pica.army.mil domain. Hackers provided their Twitter handles for contact and submitted proof of the breach to Zone-H, a website tracking defacements, which archived a mirror of the hacked page. No specific motive was disclosed in the defacement message, despite the longstanding alliance between the U.S. and Saudi Arabia.

The incident followed a similar attack by Team Bad Dream on March 26 against Egypt’s Ministry of Housing, Utilities, and Urban Communities, which remained defaced as of March 30. Both the U.S. Army and Egyptian ministry websites displayed active defacement pages at the time of public reporting, indicating no immediate remediation. The JM&L LCMC page hosted critical munitions lifecycle management information, though the defacement appeared limited to a single image file without reports of data theft or system disruption. The hackers’ inclusion of social media contacts suggested an intent to publicize their actions rather than conduct covert operations. The U.S. Army Picatinny Arsenal maintained a verified Facebook page, but no platform-specific compromises or responses were noted. Zone-H records corroborated both attacks, with mirrors preserving the defaced content for public viewing.