Hacktivists Target Trump: US Army Websites Defaced in Protest

TL;DR
- Hacktivists defaced two U.S. Army websites (Open Innovation Lab and AI Integration Center) to display anti-Trump messages, including accusations of being a "pedophile" and "thief" linked to the Jeffrey Epstein files.
- The attackers exploited vulnerabilities in WordPress plugins on the legacy unclassified systems, though the DHS confirmed no classified data or networks were compromised during the breach.
- The U.S. Army immediately took the affected pages offline and is investigating the incident, which also included pro-Kurdish slogans and calls for a "free Kurdistan."
The U.S. Army has temporarily shut down two of its websites after hacktivists defaced them with inflammatory messages accusing President Donald Trump of serious crimes, marking a fresh escalation in digital protests targeting federal government systems.
The Defacement: Anti-Trump and Pro-Kurdish Messages
On Monday, the error pages of the U.S. Army's Open Innovation Lab and AI Integration Center were altered to display messages that appeared when users attempted to access non-existent web pages. The defaced content included harsh accusations labeling President Trump a "pedophile" and a "thief," likely referencing the president's extensive inclusion in files held by the Justice Department concerning the late financier and convicted sex offender, Jeffrey Epstein.
Beyond the anti-Trump rhetoric, the hackers also embedded pro-Kurdish slogans, specifically calling for a "free Kurdistan," and referenced Tom Barrack, the current U.S. ambassador to Turkey. Security researcher Ronald Lovelace, who first reported the incident to Cyberscoop, confirmed that the error pages had been modified to trigger these specific messages.
How the Attack Was Executed
The breach appears to have been facilitated by exploiting vulnerabilities in the software stack used by the targeted websites. Reports indicate that both the Open Innovation Lab and AI Integration Center were built on WordPress and relied on multiple plugins, which were allegedly exploited by the attackers to gain unauthorized access.
This incident represents the latest in a series of cyberattacks compromising systems operated by the U.S. federal government in recent months. The attackers are believed to be hacktivists—individuals or groups who deface websites to promote political causes rather than to steal data for financial gain.
Army Response and Security Implications
Upon being alerted by tech publications, the U.S. Army took the affected pages offline immediately. The Department of Homeland Security (DHS) subsequently stated that the incident affected only a legacy unclassified system and stressed that no classified networks or information were compromised. This clarification was crucial given the timing, as the United States is currently hosting FIFA World Cup matches, raising concerns that sensitive operational security planning could have been exposed.
While the Army has confirmed the breach, it remains unclear if any data was stolen during the incident. The publication is currently investigating the scope of the data loss, but the primary focus of the hacktivist group appears to be reputational damage and drawing attention to political grievances.
The Growing Threat of Cyber Vandalism
This event underscores the persistent vulnerabilities in digital infrastructure, even for critical organizations like the U.S. Army Research Laboratory and its innovation hubs. While such attacks are often intended to draw attention to an issue, they can significantly damage the credibility and reputation of the affected organizations.
Cybersecurity specialists note that digital defacement of U.S. government websites is becoming a more prominent tactic for militant and political organizations. As seen in previous breaches involving the Syrian Electronic Army and ISIS sympathizers targeting military accounts, the operational networks often remain secure, but the public-facing presence suffers immediate and visible harm. The U.S. Army is now investigating the incident to determine how the plugin vulnerabilities were exploited and to prevent future occurrences.
Get All The Latest Updates Delivered Straight To Your Inbox For Free!