Cyber Incident Victim: United States Air Force
Date: Jun 2015
Location: United States of America
Summary
Pro-Palestinian hackers from AnonGhost compromised two US Air Force subdomains—the Profession of Arms Center of Excellence and Professional Development Guide—defacing them with anti-US and anti-Israeli messages accusing both militaries of killing civilians. The attackers claimed access to the sites' databases, though no evidence confirmed sensitive data breaches, and both domains were taken offline following the incident. This group had previously targeted Israeli financial systems and US law enforcement websites, leaking credentials and diverting funds to pro-Palestinian causes. The hack occurred shortly after public calls for enhanced national cybersecurity measures.
Description
On June 10, 2015, pro-Palestinian hacking group AnonGhost compromised two subdomains of the US Air Force website in a politically motivated cyberattack. The targeted domains belonged to the Profession of Arms Center of Excellence (PACE) at airman.af.mil and the Professional Development Guide at pdg.af.mil. Attackers replaced legitimate content with defacement pages containing an anti-US message accusing American and Israeli forces of killing Palestinian civilians in Gaza, Iraqi civilians in Iraq, and Afghan civilians in Afghanistan. The defacement specifically referenced bombings of houses and mosques, arrests of innocent people, and alleged media propaganda used to justify military actions. AnonGhost claimed to have accessed the websites' databases during the breach, though no evidence confirmed whether sensitive data was actually exfiltrated or compromised. The group published mirrors of both defaced pages through Zone-h, an archival service documenting website compromises, to verify their claims. Both affected subdomains became inaccessible shortly after the attack, remaining offline at the time of media reporting. This incident occurred two days after President Obama publicly emphasized the need for stronger cybersecurity protections for US government systems.

The attack represented part of AnonGhost's ongoing campaign against perceived opponents of Palestinian interests, with the group having previously targeted Israeli financial systems and US law enforcement websites. Prior operations included an April 2015 breach of Israeli credit card data where the group diverted approximately $18,000 to pro-Palestinian charities, followed by May and June 2015 compromises of sheriff's office websites in Wayne County and Piatt County that exposed employee credentials. No technical details about the Air Force website intrusion methods were disclosed publicly. The US Air Force took immediate containment measures by taking both subdomains offline, though no official statements regarding incident response or forensic investigations were reported. The defacement's political messaging directly linked the attack to US foreign policy decisions regarding Israel and Middle Eastern military operations. While the operational impact appeared limited to temporary website unavailability and reputational damage, the breach demonstrated vulnerabilities in military-affiliated public web assets during a period of heightened attention to government cybersecurity readiness.
