Cyber Incident Victim: Arizona
Date:
Jul 2016
Location:
United States of America
Summary
A Turkish hacker using the alias "aLem!" compromised and defaced multiple high-profile government websites, including those of the state legislature and representatives, replacing their homepages with anti-US messages and displaying a logo from a Turkish football club. The attacker, associated with the Turk Hack Team and active since 2007, successfully breached these targets despite their governmental status, though all affected sites were restored shortly after the incident. The defacement mirrored similar recent attacks leveraging sports affiliations but lacked a clear geopolitical or sporting motive tied to US-Turkey relations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On July 1, 2016, a Turkish hacker using the alias "aLem!" successfully defaced three official Arizona government websites: the State of Arizona's primary site, the Arizona House of Representatives site, and the Arizona State Legislature site. The attacker replaced each homepage with a custom page containing an anti-United States message and displayed the logo of Eskişehirspor, a professional football club based in Eskişehir, Turkey. The defacements occurred within hours of each other, with all three sites compromised simultaneously. While the exact intrusion method remained unconfirmed, the incident raised questions about the security posture of high-profile government digital assets given the institutions' visibility. Zone-H archives preserved evidence of the defacements, confirming the scope and content of the unauthorized page modifications. The hacker did not claim any specific political motive or demand, though the football club imagery drew superficial parallels to contemporaneous defacements by Albanian hackers during UEFA Euro 2016 matches.
The compromised websites became unavailable during the defacement period but were fully restored to normal operation before the incident's public disclosure later that same day. No data theft or secondary malicious payloads were reported beyond the temporary homepage replacement. Forensic analysis revealed the perpetrator had been active in website defacements since at least 2007 and maintained affiliations with the Turk Hack Team, a known Turkish hacking collective. The incident caused no permanent operational disruption to Arizona's legislative functions, though it temporarily impaired public access to official information resources. Security researchers noted the breach followed patterns of symbolic digital protests common among nationalist hacking groups, though no verifiable connection existed between U.S.-Turkey football relations and the attacker's choice of symbolism. Restoration efforts focused on removing the unauthorized content without disclosing whether underlying vulnerabilities were patched.