The Jester, a hacktivist who is normally known for short term denial of service attacks against Jihadist web forums and who recently claimed responsibility for an outage at Wikileaks in the middle of Cablegate (Wikileaks publication of U.S. diplomatic cables) has himself become the target of the large scale hacktivist protest called Operation Payback.
The Twitter account of the French Foreign Ministry was compromised, and an anti-Romanian message posted, in the midst of the deportation of some 100 Roma from the country.
At some time around 10pm on Thursday, users going to Twitter.com were served the page below with a banner reading “This site has been hacked by the Iranian Cyber Army”. Also, mowjcamp.org, a site for supporters of Mir-Hossein Mousavi Khameneh a candidate who ran against Mahmoud Ahmadinejad in the 2009 Iranian presidential election, has been serving a similar defacement since at least December 16th and continues to do so. The motive appears to be activism in support of Iran’s current Islamic regime. The attack vector was a bad actor using an id and password assigned to Twitter to log in to the administrative portal of managed DNS service provider Dyn.
It appears, according to the site defacement archive hosted at Zone-H, that on or around October 5th an NSA web site application was the victim of an SQL injection exploit resulting in a web site defacement. A web application loading a list of recruitment events at colleges was compromised on the careers section of nsa.gov.