'ISIS Hacker' Targets Websites of Folk Singer, Hotels, NASCAR Driver

ISIS hack
The website of the Montauk Manor, a Long Island hotel, was hacked. Montauk Manor Screenshot

What do a folk singer, a bar manager and a NASCAR champion have in common? All spent Saturday night dealing with a hack by someone claiming affiliation with the Islamic State.

The hacker systemically replaced the background images on these and other websites with the Black Standard flag favored by the terrorist group and added text that read, "Hacked by Islamic State (ISIS) We are everywhere ;)"

Music that played automatically in a loop was also added to the sites. The song used is from the ISIS video of a Jordanian pilot being burned to death in a cage after he was taken hostage.

The terrorist-sympathizing hacker also included a link to a Facebook page under the name of Mohammed Aljzairi, who also used the alias Mohammed Ali. On Facebook, Aljzairi claimed responsibility for these hacks and many more, including of the University of California, the Massachusetts Institute of Technology and the Nigerian government. The Facebook page was removed as news of the hacks spread, but a Google search links this name to dozens of affected sites.

Before Aljzairi's Facebook page was removed, he or someone posted an image of 30 pages of affected websites, with 25 sites per page. If accurate, this is a staggering 750 websites hacked at one time, seemingly by one person. Most of the websites Aljzairi claimed responsibility for hacking deal with tourism and leisure activities, such as music shows, hotels and bicycle rentals.

According to his Facebook page, Aljzairi works as a programmer and studied at W3Schools, an online development tutorial service. He "liked" various ISIS-sympathizing Facebook pages and groups. On his Google Plus page, his last known location is shown as Algeria and he describes himself as an "Arab Muslim Algerian." It's not known whether he is an ISIS member or simply a digital sympathizer.

WordPress--an open source website and blog creation tool--was used on the hacked websites reviewed by Newsweek.

"It was a WordPress flaw," a spokesman for Precision Intermedia, the digital agency of the hack-affected Sequoia Park Zoo in Eureka, California, said in a phone interview. A developer at the site did not reply to a request for comment by press time.

To get into some of the websites, the hacker exploited a plugin that allowed Facebook comments to be posted there. "I would say it took less than an hour to resolve. It was not a big deal in the end, but the police department did contact us," a spokeswoman for the zoo said. The FBI is also investigating the string of hacks.

A bar in Somerville, Massachusetts that also uses WordPress but did not have the comments plugin enabled was hacked for about four hours on Saturday. "We thought it was so silly and random that we did not contact authorities," Backbar co-owner Sam Treadway said. "There seemingly was no point to it. There is no end game here."

On Monday, a Google search of Backbar showed "Hacked by Islamic State" was still in the website's contents.

In the United Kingdom, the website of folk singer Lucy Ward was hacked for about an hour before Fast Host and her technical team removed the compromising code. "I didn't feel personally targeted, but it was certainly not a great thing for people to come across with my name on it," Ward said by phone. She is one of the few U.K. residents to be targeted by the attack; the majority seemed focused on U.S. businesses.

Meanwhile, the Edlora Speedway in Ohio, owned by NASCAR champion Tony Stewart, clarified that while it was hacked, no credit card information was breached.

In addition to hacking many sites, Aljzairi posted a list of websites he deemed "vulnerable" on Facebook. These included universities, wedding planners and charities.

A Facebook friend of Aljzairi, who praised the alleged hacker via comments and "likes," is scheduled to attend an "ethical hacking challenge" hosted by an Algerian university this week.