'Anti-ISIS' hackers target West Midlands school and pub websites

News | Published:

Hackers claiming to support the Kurdish army's fight against ISIS launched a cyber attack on schools, pubs and an NHS trust in the West Midlands.

The websites of Dudley and Walsall Mental Health Partnership NHS Board, All Saints Primary School in West Bromwich, Perton Middle School in Wolverhampton and The Holly Bush pub in Cradley Heath were all targeted, along with Staffordshireshort

Messages including the name of the hacker, the words 'long live to peshmarga' above a Kurdish flag, and 'Kurdish Hackers Was Here' appeared on all of the sites yesterday morning.

The peshmerga is an army of Kurdish fighters in northern Iraq. The force, which co-operates with western powers, played a role in the mission to capture Saddam Hussein. Members are currently fighting ISIS in Iraq and Syria.

It is believed the hackers managed to break into outdated versions of website provider WordPress.

All Saints Primary School headteacher Jackie Beech was alerted by a worried parent. The message was under a blog page on the school's website for an arts festival.

The hacked page of All Saints Primary School

Ms Beech said: "A parent called us in the morning, they are good, the parents, and use the website regularly.

"I was in a staff meeting so did not see it, but we told our IT team and it was quickly taken down."


Alun Harding, executive headteacher at Codsall High Federation of Schools, which runs Perton Middle School, said: "A news post was altered. This was removed as soon as it was identified.

Perton Middle School's site also fell victim

"There was no vulnerability of student usernames, passwords or personal data as none of this is accessible through our website."

On, the hackers attacked a holiday review posted in May last year. The website markets accommodation in the county, as well activities and attractions.


Iraqi Kurd 'peshmerga' fighters celebrate as they head to the frontline in territory newly acquired by Kurds and U.S forces after a defensive retreat by Iraqi government forces from Kalak west of Arbil, northern Iraq, April 3, 2003.

It is hosted by Laurels Tech Web Design. Owner Phil Tester said he believed the site was hacked as the WordPress software had not been updated.

He said he had security for the site using firewalls, which had stopped 955 attacks, most from Turkey, in the past 30 days.

He said: "I have one of the best protections on WordPress, of course, it is concerning when you see the site has been hacked.

"I believe they have exploited an outdated version of WordPress on this occasion. I haven't reported it to police, they have more important things to be worried about." Mr Tester has now fixed the problem and none of his other 25 websites were affected.

Also targeted was the website for the Holly Bush pub in Newtown Lane, Cradley Heath.

The Holly Bush pub's site

Under an event blog, the hackers had published their message. But owner Dave Francis saw the amusing side of the attack. He said the story would feature in the pub's open mic comedy event on Thursday night, adding: "I find it slightly amusing, I've got nothing against the Kurds. They have had a rough ride."

He said his website was around a year-and-a-half old and was designed by a friend.

He added: "It does concern me a bit, however, that the website has been hacked. It is scary to think what else they can hack, such as bank accounts and the rest."

Dan Howard, head of business intelligence, at Dudley and Walsall Mental Health Partnership NHS Board, said: "Our IT department identified a breach of the Trust's website security yesterday morning and quickly acted to resolve the situation by the afternoon.

The hacker even targeted this NHS site

The breach affected only one area of our website and no log-in details or patient data has been affected or put at risk as a result of this incident."

University of Wolverhampton maths and computing principal lecturer Tony Proctor, who specialises in cyber security, said the problem often lied in websites using out-of-date software.

He said: "Websites using out-of-date software do so at their peril. That appears to be the crux of what has happened in these instances.

"The hackers will often look for out of date software which leaves websites vulnerable to attacks.

"They used to target the operating systems such as Windows, but as security has improved they look to go for widely-used systems like WordPress.

It is vital users make sure they have installed the latest updates."

Mr Proctor said the hackers in this case will have hunted down websites using the out-of-date software.

He said: "My gut feeling on this one is a group or individual that wishes to draw attention to their cause."

He said the hackers were breaking the law, but it was unlikely that they would be caught. They would be charged under the Computer Misuse Act.


Top Stories


More from the Express & Star

UK & International News