Cyber Incident Victim: YouTube

Date: Apr 2015

Location: Malaysia

Summary

A group of Bangladeshi hackers using aliases including Ne0-h4ck3r, TiGER-M@TE, and F0RTYS3V3N compromised multiple Google and Yahoo Malaysia domains, including YouTube, through DNS redirection attacks that replaced legitimate content with defacement pages displaying their messages. The attackers did not disclose motives but referenced prior similar operations against Google Malaysia and Google Kenya. The incident caused temporary service disruptions across the targeted domains, which were later fully restored. Zone-h records corroborated the unauthorized access, mirroring defaced pages for domains such as youtube.my and images.google.com.my.


Description

On April 15, 2015, three Bangladeshi hackers using the aliases Ne0-h4ck3r, TiGER-M@TE, and F0RTYS3V3N executed coordinated defacement attacks against multiple high-profile domains, including YouTube.my (YouTube Malaysia), Google Images (images.google.com.my), Yahoo Malaysia (yahoo.my), and Google Malaysia (ns2.google.com.my). The attackers replaced the legitimate content of these domains with a defacement page displaying the message "Pwnd by! Ne0-h4ck3r, TiGER-M@TE and F0RTYS3V3N | Mirror on the wall | #Hackers r0x Lamers Sux | How are you? | Here we are again!" alongside contact information ([email protected]). This marked the second compromise of Google Malaysia within 24 hours, following an earlier DNS redirection attack attributed to TiGER-M@TE. Zone-h.org mirrors provided technical evidence of the breaches, confirming unauthorized access to the domains. The attackers did not disclose a motive in their defacement message.

The incident caused temporary disruption to services under the affected Malaysian country-code top-level domains (.my), though Yahoo.my redirected users to malaysia.yahoo.com during the outage. Ownership ambiguity surrounding Yahoo.my—contrasted with Malaysia.yahoo.com’s registration—complicated attribution of that specific breach. All compromised domains were restored by the time the article was published. Historical context revealed the same hacking group previously defaced Google Kenya in 2013, indicating a pattern of targeting Google-affiliated regional domains. The defacements did not extend beyond the replacement of web content, with no reported data exfiltration or secondary malware deployment. No statements from Google, YouTube, or Yahoo regarding incident response procedures or forensic findings were documented in the source material.
