The homepage for the U.S. Federal Depository Library Program was briefly altered Saturday evening to show a pro-Iranian message and an image of bloodied Donald Trump being punched in the face.
A line at the bottom read: “Hacked by Iran Cyber Security Group Hackers. This is only small part of Iran’s cyber ability! We’re always ready.”
The website was not accessible soon after the image appeared.
CBS News could not confirm who was responsible. Several experts who track cyber activity were not aware of a group called Iran Cyber Security Group Hackers, and its affiliation with Iran could not be confirmed.
It was not clear that hackers penetrated past the homepage. The damage from the act would be relatively small — more symbolic than destructive.
The Federal Depository Library Program was created to provide the public with “no-fee ready and permanent public access to Federal Government information,” which includes bills and statutes, court opinions and a wide range of material produced by the government.
A spokesperson for the Cybersecurity and Infrastructure Security Agency, a division of the Department of Homeland Security, acknowledged the hack.
“We are aware the website of the Federal Depository Library Program (FDLP) was defaced with pro-Iranian, anti-US messaging. At this time, there is no confirmation that this was the action of Iranian state-sponsored actors. The website was taken offline and is no longer accessible. CISA is monitoring the situation with FDLP and our federal partners.”
A senior U.S. official involved in cybersecurity matters confirmed the incident but dismissed its importance: “This is a nothing event,” the senior official said. “Small, under-resourced agency. A defacement is small-time stakes.”
The senior official added the hackers were likely sympathizers to the Iranian regime but not linked to the government itself.
The hack comes two days after the U.S. killed a top Iranian general, Qassem Soleimani. Iran pledged to retaliate, and the Department of Homeland Security on Saturday cited a cyberattack as one possibility, though cited “no credible threat.”
In a bulletin posted to Twitter, DHS said “Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
– Additional reporting from Major Garrett and Dan Patterson