The FBI is investigating the hacking of several U.S. websites by someone claiming to be affiliated with ISIS over the weekend, which spread to Europe on Sunday night. Law enforcement and security analysts said they suspected no link to the Islamist terrorist group, however.
The Dublin Rape Crisis Centre in Ireland was the latest site to be defaced, its homepage topped by a picture of the black ISIS flag and the words "hacked by ISIS, we are everywhere," with a Facebook address that doesn't exist. A Flash audio plugin played what appeared to be a song in Arabic.
The same imagery appeared Saturday on the homepage of Eldora Speedway in Rossburg, Ohio, owned by NASCAR star Tony Stewart, a church in Canada and a Goodwill center in St. Louis, among other sites. "The FBI is aware of the reported incidents and is contacting the impacted parties," the agency said.
In many cases, local investigators and analysts said they suspected a hoax.
Evan Kohlmann of Flashpoint Intelligence, a global security firm and NBC News consultant, said, "There are no indications that the individuals behind these latest hacks have any real connection to ISIS, and these defacements have taken place amid a spate of recent attacks where ordinary hackers have cynically used far-fetched references to ISIS as a means of attracting media attention."
The hacks certainly got people's attention.
"All of a sudden, our website was taken over by a hacker that took over a header stating that the website was now under the control of the Islamic State," Eldora Speedway General Manager Roger Slack told NBC station WLWT of Cincinnati. The site was back up and running Sunday night.
Southwest Montana Community Federal Credit Union's site, however, remained down, with the message "Under Construction." The credit union's chief executive, Tom Dedman, said the site was offline so a security specialist could investigate.
Silver Bow County Sheriff Ed Lester told NBC station KTVM of Butte that no account information was compromised. He said his office had contacted the FBI, but he, too, was highly doubtful that the hack anything to do with the Islamist extremist group.
"I don't think ISIS agents would be interested in a hack like this," Lester said. "I think this is more likely a domestic hacker rather than international cyberterrorism."
Similar hacks were reported over the weekend at other sites, which appeared to have little or no link to one another, including being registered with different domain registrars and hosted by different server companies. They included: