Cyber Incident Victim: Massachusetts Interscholastic Athletic Association

On November 1, 2021, the Massachusetts Interscholastic Athletic Association (MIAA) website was compromised by a hacker using the aliases “netsaosa” and “g0retrance.” The attacker defaced the site by displaying the word “pwned” prominently and implemented a pop-up redirecting visitors to the Twitter account associated with g0retrance. This intrusion disrupted the scheduled release of the MIAA’s official statewide tournament brackets, causing delays that were initially noted by reporters covering the event. MassLive.com journalist Meredith Perri identified the compromise after observing the website’s anomalous behavior. The hacker embedded a message beneath the defacement stating, “should have listened to my emails instead of ignoring me … don’t worry, this is harmless. just to get ur attention :),” indicating prior attempts to contact the organization about security concerns. The incident temporarily rendered the website inoperable for its intended purpose during a critical period for tournament planning.

The attacker publicly claimed the breach was intended to highlight security vulnerabilities rather than inflict damage, emphasizing a goal of compelling the MIAA to address flaws. No data theft or further disruption beyond the defacement and redirection was reported. The compromise directly impacted the MIAA’s operational timeline, delaying bracket publications essential to schools and participants. Public attention to the incident arose through media coverage and the hacker’s social media channels. The MIAA did not publicly detail its response measures, though the hacker’s message suggested prior unheeded communications about security issues. The event underscored risks associated with unaddressed vulnerabilities in organizational web infrastructure, particularly during high-traffic periods.