Cyber Incident Victim: Arab and Muslim American Political Action Committee
Date:
Sep 2016
Location:
United States of America
Summary
A hacker using the alias MuslimLeets targeted the American Human Rights Council and 62 other websites, including the Arab and Muslim American Political Action Committee, through a server breach that led to widespread defacement with jihadist messages in grammatically poor English. The attack disrupted various businesses and organizations, causing temporary shutdowns, with the web host Novocam describing it as their most sophisticated incident to date. Law enforcement and network administrators investigated, while the perpetrator called for rejecting Western culture and adhering to Quranic law. Despite the breach, the affected entities maintained backups for restoration and affirmed their commitment to continue operations undeterred by the extremist tactics.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Between September 14 and 16, 2016, a hacker using the alias MuslimLeets (also identified as Muj4hida) executed a coordinated cyberattack targeting 63 websites hosted on servers managed by Novocam, a Detroit-based web hosting provider. The attack initially compromised the American Human Rights Council (AHRC), with the hacker gaining unauthorized access to its servers. This breach subsequently propagated to dozens of other websites sharing the same hosting infrastructure, including businesses operated by doctors, lawyers, real estate agencies, and two prominent Arab-Muslim organizations: the American Muslim Leadership Council (AMLC) and the Arab and Muslim American Political Action Committee (AAPAC). The attacker defaced all affected websites, replacing their content with a message written in grammatically flawed English that called for jihad, criticized Western cultural influence, and referenced conflicts in Syria, Palestine, Iraq, Burma, Chechnya, Africa, and Asia. The message explicitly addressed Muslim audiences and world governments, declaring adherence to Quranic law over "wrong" secular laws.
AHRC Executive Director Imad Hamad confirmed the intrusion and noted the organization's webhost Novocam, alongside law enforcement agencies, initiated immediate investigations. Novocam founder Mohammad Abdulaziz characterized the incident as unusually sophisticated compared to routine weekly hacking attempts, requiring seven network administrators to analyze the breach's origin and methodology. The attack forced complete shutdowns of AMLC and AAPAC websites, disrupting their operations indefinitely. Despite the severity, Novocam removed the defacement messages within hours and planned to decommission the compromised server entirely, restoring all affected sites from backups. Hamad framed the attack as retaliation for AHRC's human rights advocacy, stating the organization would not be intimidated by extremist groups seeking to spread fear. Forensic analysis indicated the hacker exploited a single point of failure at AHRC to cascade attacks across shared server resources, though specific technical vulnerabilities were not disclosed. No data theft or secondary malware deployment was reported beyond the defacements.