Cyber Incident Victim: Richland County Fair
Date:
Apr 2016
Location:
United States of America
Summary
Pro-ISIS hackers known as Team System Dz breached multiple Richland County government websites, including those for the Sheriff's Department, Emergency Management, and County Fair, replacing content with terrorist propaganda featuring ISIS logos and threatening messages about an impending takeover. This marked the third successful attack against the county's digital infrastructure within a year, following prior defacements of Veterans Services and Sheriff's Department sites by the same Algeria-based group. The incident impacted at least ten county services simultaneously, mirroring the hackers' previous breaches of the University of Toronto and Isle of Wight, Virginia systems. While all affected websites were restored shortly after the attack, the repeated compromises highlighted persistent vulnerabilities in the county's web security defenses.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On April 15, 2016, multiple Richland County, Wisconsin government websites were compromised and defaced by the Algeria-based hacking group Team System Dz. The attackers targeted at least ten county-operated domains, including the Richland County Government main site, Sheriff’s Department, Ambulance Service, Veterans Services, Recycling Committee, Health and Human Services, County Fair, Land Conservation Department, Parks Commission, and Emergency Management. Each defaced site displayed the official logo of the Islamic State (ISIS/Daesh) alongside a threatening message referencing the terrorist group’s agenda. The hackers replaced legitimate content with this propaganda, rendering the sites temporarily unusable for public information access or services. This marked the third successful defacement by Team System Dz against Richland County infrastructure within a twelve-month period, following prior intrusions targeting the Veterans Services and Sheriff’s Department websites with similar ISIS-affiliated messages. Historical activity by the group included attacks against the University of Toronto and Isle of Wight, Virginia in 2015, indicating broader targeting patterns beyond Richland County.
County administrators restored all affected websites by the time media reported the incident, though the article did not specify technical remediation steps or forensic findings. The repeated breaches exposed persistent vulnerabilities in the county’s web infrastructure, with no public documentation of enhanced security measures following the two prior incidents. Service disruptions occurred during the defacements, though duration and operational impacts beyond public access were not detailed. Team System Dz documented their attacks through Zone-H mirror archives, providing evidence of the compromises. The incident highlighted systemic security weaknesses enabling recurrent intrusions by the same threat actor, though no data theft, malware deployment, or secondary attacks beyond defacement were reported. Restoration efforts returned sites to normal operation without addressing in the source whether administrators implemented substantive security improvements post-incident.