The FBI is investigating the hacking of several U.S. websites by someone claiming to be affiliated with ISIS over the weekend, which spread to Europe on Sunday night. Law enforcement and security analysts said they suspected no link to the Islamist terrorist group, however.
The Dublin Rape Crisis Centre in Ireland was the latest site to be defaced, its homepage topped by a picture of the black ISIS flag and the words "hacked by ISIS, we are everywhere," with a Facebook address that doesn't exist. A Flash audio plugin played what appeared to be a song in Arabic.
The same imagery appeared Saturday on the homepage of Eldora Speedway in Rossburg, Ohio, owned by NASCAR star Tony Stewart, a church in Canada and a Goodwill center in St. Louis, among other sites. "The FBI is aware of the reported incidents and is contacting the impacted parties," the agency said.
In many cases, local investigators and analysts said they suspected a hoax.
Evan Kohlmann of Flashpoint Intelligence, a global security firm and NBC News consultant, said, "There are no indications that the individuals behind these latest hacks have any real connection to ISIS, and these defacements have taken place amid a spate of recent attacks where ordinary hackers have cynically used far-fetched references to ISIS as a means of attracting media attention."
The hacks certainly got people's attention.
"All of a sudden, our website was taken over by a hacker that took over a header stating that the website was now under the control of the Islamic State," Eldora Speedway General Manager Roger Slack told NBC station WLWT of Cincinnati. The site was back up and running Sunday night.
Southwest Montana Community Federal Credit Union's site, however, remained down, with the message "Under Construction." The credit union's chief executive, Tom Dedman, said the site was offline so a security specialist could investigate.
Silver Bow County Sheriff Ed Lester told NBC station KTVM of Butte that no account information was compromised. He said his office had contacted the FBI, but he, too, was highly doubtful that the hack anything to do with the Islamist extremist group.
"I don't think ISIS agents would be interested in a hack like this," Lester said. "I think this is more likely a domestic hacker rather than international cyberterrorism."
Similar hacks were reported over the weekend at other sites, which appeared to have little or no link to one another, including being registered with different domain registrars and hosted by different server companies. They included:
- Two companies in St. Louis: MERS Goodwill and the digital agency Elasticity. MERS Goodwill Executive Vice President Mark Arens told NBC station KSDK: "I had a lot of disbelief. Kind of turned to my wife to say we've been attacked by ISIS. She had a number of questions."
- Moerlein Lager House and Montgomery Inn in Cleveland and Eldora Speedway in Rossburg, Ohio, owned by NASCAR star Tony Stewart. "All of a sudden, our website was taken over by a hacker that took over a header stating that the website was now under the control of the Islamic State," said Eldora Speedway General Manager Roger Slack told NBC station WLWT of Cincinnati.
- The historic Montauk Manor, a condominium complex on New York's Long Island. "It's been a fun day," Kathy Surrey, the complex's night manager, told the newspaper Newsday. "I don't mind the advertising, but this isn't good advertising."
- Sequoia Park Zoo in Eureka, California.
- Backbar, a ritzy cocktail bar in Somerville, Massachusetts. "Our website is now fully down... but the bar is fully open!" the bar's managers wrote on Facebook. "It's Saturday night! Come have a cocktail, don't let ISIS win!"
- Third Street Brewhouse in St. Cloud, Minnesota.
- North Douglas Pentecostal Church in Saanich, British Columbia, whose pastor, Rod Fair, told CTV: "I don't think there's any danger. I think somebody did this for attention's sake, and that's all there is to it."