Group Claiming to be Pro-Islamic State Hacks Texas Botox Boutique’s Website

Moroccan Revolution Team
Photo: KVUE Video Screenshot

A group claiming to be pro-Islamic State allegedly hacked into a Texas facial rejuvenation boutique’s website last week. The hack temporarily shut down the business’ online presence and posted the image of the Islamic State flag along with a message.

When Saving Face clients attempted to schedule their appointments online for botox, other injectables or skin care treatments at the Austin-based spa, they saw the Islamic State flag on screen with the text: “Hacked by the Moroccan Revolution Team,” according to the local ABC affiliate KVUE 24.

“It was speaking in Arabic, there was someone chanting music in the background,” said business owner Brooke Nichol, certified with the Texas Board of Registered Nurses. She added her immediate response to what she saw was to “get this fixed.” Within four hours, Nichol’s IT security company removed the ISIS images from the website. The site is back up and running, a relief to Nichol who said: “Thank God it only lasted four hours because this is my primary way of booking clients.”

In April, the FBI issued online a public service announcement (PSA) about this kind of cyber-crime, writing, in part: “Continuous Web site defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS).”

The FBI pointed out that “the perpetrators are not members of the ISIL terrorist organization” and demonstrate low-level “relatively unsophisticated methods to exploit technical vulnerabilities.” The Bureau said these cyber-criminals use “the ISIL name to gain more notoriety than the underlying attack would have otherwise garnered.”

In May, the Moroccan Revolution Team reportedly hacked into a New York area healthcare company’s website. When the Islamic State sympathizers seized the Westchester Health website, it displayed the Islamic State flag but had a different message than on the Austin company’s site. It declared: “I love you ISIS,” according to New York’s WPIX 11, which indicated that no client information was compromised.

Cyber-crime and terrorism expert Manuel Gomez called cyber-crime the number two threat the FBI investigates internationally and terrorism, number one. “This has a nexis to terrorism,” said Gomez, also a former marine, NYPD sergeant, FBI agent and the attorney who founded MG Security Services. When the Moroccan Revolution Team attacked Westchester Health’s site, Gomez stated it had “never been seen before” where an ISIS-related or sympathizing group hacked a local healthcare provider’s website.

Sean McCleskey, former U.S. Secret Service agent, now program coordinator at the University of Texas at Austin’s Center for Identity, told the ABC Austin affiliate that the group’s likely intention is to spread propaganda and fear. “That’s what terrorist groups want to do, is to keep you from doing what you would normally do.” The Center for Identity forecasts threats and delivers solutions to anticipate and mitigate current and future data and security breaches, plus identity and privacy threats.

According to the FBI, these “defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites.”

The Bureau added that websites are not directly targeted by name or business type and all victims are compromised through WordPress plug-in vulnerabilities. WordPress is a widely used web publishing tool. While Saving Face’s IT company blocked anyone outside the U.S. from accessing the website, the FBI recommended safety precautions in the online PSA to better secure WordPress and prevent this type of hacking incident. They listed among their suggestions reviewing WordPress guidelines, updating, security monitoring, patching vulnerable plugins, and running all software as a non-privileged user to diminish the effects of a successful cyber attack.

Follow Merrill Hope on Twitter @OutOfTheBoxMom.