Serial Hacker Jailed for Hacking and Defacing Organizations’ Websites

A sophisticated cybercriminal operation targeting government institutions and private organizations across multiple continents has culminated in the sentencing of Al-Tahery Al-Mashriky, a 26-year-old hacker from Rotherham, South Yorkshire.

The prolific attacker, who operated under multiple aliases within the extremist hacking collective “Yemen Cyber Army,” was sentenced to 20 months imprisonment after pleading guilty to nine offences under the Computer Misuse Act.

Al-Mashriky’s campaign of digital disruption spanned from 2022 through his arrest, targeting high-profile entities including the Yemen Ministry of Foreign Affairs, Yemen Ministry of Security Media, Israeli Live News, faith-based websites across North America, and critical infrastructure sites such as the California State Water Board.

His methodology centered on exploiting low-security web applications, where he would gain unauthorized administrative access before deploying reconnaissance tools to enumerate additional vulnerabilities and user credentials.

The scale of Al-Mashriky’s operations became apparent when he boasted on cybercrime forums about compromising over 3,000 websites within a three-month period in 2022.

NCA analysts identified the hacker’s connection to the Yemen Cyber Army through digital forensics analysis of his seized devices, revealing a trove of stolen credentials affecting over 4 million Facebook users alongside login credentials for premium services including Netflix and PayPal.

Attack Vector Analysis and Persistence Mechanisms

Forensic examination of Al-Mashriky’s digital infrastructure revealed a systematic approach to website infiltration that prioritized quantity over sophistication.

His attack methodology involved scanning target websites for common vulnerabilities, particularly focusing on unpatched content management systems and weak authentication mechanisms.

Once initial access was achieved, Al-Mashriky would escalate privileges to administrative levels, enabling him to manipulate website content and establish persistent backdoors.

The hacker’s signature technique involved creating concealed webpages embedded with ideological messaging and personal identifiers, transforming compromised websites into propaganda platforms.

In the case of Israeli Live News, investigators discovered that Al-Mashriky had downloaded the entire website database after gaining administrative access, demonstrating the potential for large-scale data exfiltration.

His scanning tools systematically catalogued usernames and system vulnerabilities, creating detailed reconnaissance profiles for future exploitation campaigns.

Deputy Director Paul Foster of the NCA’s National Cyber Crime Unit emphasized the investigation’s significance in demonstrating law enforcement’s capability to track sophisticated cybercriminals across international boundaries, noting that such operations cause substantial operational disruption to targeted organizations while enabling potential fraud against millions of individuals.

Boost your SOC and help your team protect your business with free top-notch threat intelligence: Request TI Lookup Premium Trial.

The post Serial Hacker Jailed for Hacking and Defacing Organizations’ Websites appeared first on Cyber Security News.