Hackers managed to hijack and deface hundreds of websites across the US to post pro-ISIS messages, images of Saddam Hussein and a recruitment video. SchoolDesk, the Atlanta, Georgia-based web hosting company servicing these sites, confirmed the attack. A hacking group going by the name "Team System Dz" claimed responsibility for the hack that took place around 4am EST on Monday (6 November).
The main page on the compromised sites displayed a black background with photo of former Iraqi leader Saddam Hussein along with the Arabic message seen on the Isis flag that reads: "There is no god but Allah" and "Mohammed is the Messenger of God."
Further down the page, the hackers posted a message in English that read: "I love Islamic State."
SchoolDesk said it "immediately responded" to the situation and took all the compromised websites offline "until the situation could be fully researched."
"Our technical staff discovered that a small file had been injected into the root of one of the SchoolDesk websites, redirecting approximately 800 school and district websites to an iFramed YouTube page containing an audible Arabic message, unknown writing and a picture of Saddam Hussein," SchoolDesk said in a statement.
"Although the exact method and point of intrusion is not yet fully known (possibly an SQL injection or through a user account with a weak password), we have added multiple layers of redundant protection to prevent this from happening again, as well as taking many additional methods to research how this was accomplished and by whom."
SchoolDesk said it is working with a security firm to investigate how the attack took place and look into another measures to prevent such incidents in the future. It also advised the administrators of all the affected websites and its own staff to reset their passwords.
The company is currently working with various local, state and federal law enforcement agencies, including the FBI, to investigate the source of the attack. It assured users that all web content and user data was not compromised in the intrusion.
"All websites, web content and user data is secure and unaltered, and all websites are currently up and working without issue," School Desk said. "Our team will be working diligently to continue to strengthen our network, websites and all sources of access to prevent such activities from occurring again." It also noted that the "many other companies, non-profit organizations as well as private, state and even federal websites" were affected as well.
Over the summer, the hacking group defaced several state and county government websites including that of Ohio Governor John Kasich.
School districts in Virginia, Connecticut, Louisiana and New Jersey were affected in the attack.
The Bloomfield School District said its own website was taken down around 6am and was restored by about 7am and confirmed its internal computer and data systems were unaffected. It noted: "Everything that happened occurred at the web host's companies server farms in Atlanta, Georgia and Florida."
IBTimes UK has reached out to SchoolDesk for comment.