Turkish cybercriminals going by the name, “RootAyyildiz,” defaced Joe Biden’s official campaign website’s subdomain, “vote.joebiden.com.” The incident that took place just a few weeks ahead of the official change of guard in the White House has made experts believe this will act as a strict reminder to Biden to prioritize securing the cyberspace once he settles in office.
The Hack and the Message
Biden’s official campaign website JoeBiden.com had a subdomain, vote.joebiden.com. This was used by Biden and Harris as a part of their official campaign to help voters find polling centers, campaign events whereabouts, and offered state-specific voter guides. Post the elections, which took place in the first week of November, the traffic from this subdomain was redirected to the Democratic party’s “I WILL VOTE” website. However, on November 18, this website displayed a message in the Turkish language with the country’s flag placed at the top and aliases and usernames such as “MarbeyliWerom,” “b4rbarøsas,” and “oneshot,” below it.
The message when converted to English read:
We took ablutions and started our journey. We made our funeral prayer for our brother.
We made a promise to the Great Hakan, we will kill for the chief.
Damn those who live for money and fame, greetings to those who live for the cause of Islam.
Here I warn the US backed so-called political parties like chp hdp good party, if you don’t take your hands off my state, my nation, we’ll be a nightmare.
We will now decipher your most private conversations and take you around on the street.
RootAyyıldız is not a Group or an Organization, but a Vatan Lover who Fights alone.
At the end of the note, a photo of the 34th Sultan of the Ottoman Empire, Abdul Hamid II, was also placed with a footer note saying, “We; We are the ones who stopped the tanks with their bare hands on the night of July 15. We are those who killed death that night. We have been waiting for Archers Hill for 15 centuries! We are the keepers of that golden banner that will never miss its shadow on us.”
As per the note, this hack does not seem to be the work of a threat group, however, it is still not certain as to which vulnerability led to the defacement of Joe Biden’s website.
Biden and Trump’s Apps were Hacked Earlier
At a campaign event in Tucson, Arizona, on October 21, President Trump made a false claim that “Nobody gets Hacked.” However, days later, Promon, a Norwegian cybersecurity firm, hacked both Joe Biden and Donald Trump’s election apps to prove: “Everything can be hacked.”
The white hat hackers at Promon were analyzing the election apps of the two candidates when they discovered that both apps were highly vulnerable to a known and critical Android vulnerability known as StrandHogg. This vulnerability allows malware gangs to hijack legitimate apps and perform malicious operations like phishing.