Cyber Incident Victim: Delaware Treasury Division
Date:
Aug 2014
Location:
United States of America
Summary
The Delaware Treasury Division website was defaced by hackers identifying as SaLeM group, who replaced its content with anti-Israel and pro-Palestinian messages related to the Gaza conflict. The intrusion exploited security vulnerabilities in a third-party web hosting service used by the agency instead of government-managed infrastructure. Officials restored the site within hours, confirming no data theft occurred and characterizing the incident as a symbolic act tied to a broader wave of U.S. website defacements. State security personnel attributed the breach to the Treasury's independent hosting arrangement and acknowledged existing security flaws that facilitated the unauthorized access.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 19, 2014, the Delaware Treasury Division website was compromised by hackers who replaced its content with anti-Israel and pro-Palestinian messages referencing the Gaza conflict. The attackers, identifying themselves as the SaLeM group, defaced the site to display political statements declaring their actions would continue "until Gaza was free." Officials became aware of the intrusion and initiated a response, though the exact time of the initial breach remains unspecified. The website was fully restored within hours of discovery, indicating a rapid containment effort. Elaine Starkey, Chief of Security for Delaware’s Department of Technology and Information, confirmed no sensitive data was stolen during the incident, clarifying the attackers’ primary objective appeared to be ideological messaging rather than financial gain or data theft.
The breach was attributed to security flaws in the Treasury website’s infrastructure, which was managed by a third-party provider rather than through state government services. Starkey explained this arrangement resulted from the Treasury Division’s preference for a customized design independent of standard government hosting. The incident formed part of a broader pattern, as Starkey noted similar defacements occurred on multiple U.S. websites around the same time, suggesting a coordinated campaign targeting vulnerable platforms. Restoration efforts focused on removing the unauthorized content and reinstating legitimate services without prolonged downtime. No additional technical details regarding the exploited vulnerabilities or forensic findings were disclosed publicly. The defacement temporarily disrupted public access to the site but caused no lasting operational or financial impacts beyond reputational exposure.