Serial Hacker Sentenced for Defacing and Hacking Organizational Websites

Al-Tahery Al-Mashriky, 26, of Rotherham, South Yorkshire, was given a 20-month prison sentence for several charges of illegal computer access and data exfiltration, part of a major crackdown on ideologically driven cyberthreats.

Al-Mashriky, affiliated with extremist hacking collectives such as the ‘Spider Team’ and ‘Yemen Cyber Army,’ was apprehended in August 2022 by the National Crime Agency’s (NCA) specialized cybercrime unit, following intelligence shared by U.S. law enforcement.

Extensive Cyber Intrusions

Forensic examination of his seized devices, including a laptop and multiple mobile phones, revealed a pattern of sophisticated intrusions targeting government, media, and organizational websites across North America, Yemen, and Israel.

Investigators linked him to these groups through correlated social media profiles and email artifacts, exposing his role in propagating religious and political ideologies via digital sabotage.

Al-Mashriky’s modus operandi involved exploiting vulnerabilities in low-security web infrastructures to gain unauthorized access, followed by the deployment of hidden webpages embedded with his online aliases and propagandistic content.

This form of website defacement not only disrupted site functionality but also amplified his notoriety within underground hacking forums, where he boasted of compromising over 3,000 sites in a mere three-month span in 2022.

Digital forensics conducted by NCA officers uncovered a trove of illicit data on his devices, including personally identifiable information (PII) from more than 4 million Facebook users, alongside credential dumps containing usernames and passwords for services like Netflix and PayPal.

Such stolen assets posed a severe risk for downstream cybercrimes, including identity theft, account takeovers, and financial fraud, highlighting the cascading threats from initial breaches.

Targeted Exploits

Specific incidents detailed in the investigation included the February 2022 breach of the Israeli Live News website, where Al-Mashriky accessed administrative panels and performed a full data exfiltration of the site’s contents.

He similarly infiltrated two Yemeni government portals, the Ministry of Foreign Affairs and the Ministry of Security Media, employing automated vulnerability scanners to enumerate usernames and exploit weaknesses in their authentication mechanisms.

Extending his reach, Al-Mashriky targeted religious websites in Canada and the United States, as well as the California State Water Board’s online infrastructure, causing operational disruptions and incurring substantial remediation costs for the affected entities.

Victim impact statements, gathered through international law enforcement collaboration, underscored the financial and logistical burdens, including system downtimes and enhanced security overhauls to mitigate future risks.

Originally slated for trial at Sheffield Crown Court in March 2025 on 10 charges under the Computer Misuse Act, Al-Mashriky pleaded guilty to nine offenses on March 17, leading to his sentencing on August 15.

NCA Deputy Director Paul Foster, who leads the National Cyber Crime Unit, emphasized the case’s demonstration of advanced investigative capabilities in unmasking perpetrators.

“Al-Mashriky’s intrusions resulted in widespread website defacements and service disruptions, solely to advance the Yemen Cyber Army’s ideological agenda,” Foster stated.

“Moreover, the exfiltrated PII could have facilitated mass-scale fraud against millions. This outcome reaffirms that even seemingly anonymous cybercriminals can be traced and prosecuted through robust digital forensics and global partnerships.”

The sentencing serves as a stark reminder of the evolving landscape of hacktivism, where low-barrier techniques such as SQL injection or credential stuffing can lead to high-impact data breaches.

Cybersecurity experts note that such cases underscore the need for organizations to implement multi-layered defenses, including regular vulnerability assessments, intrusion detection systems, and adherence to frameworks like NIST or ISO 27001 to counter similar threats from state-aligned or ideologically driven actors.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.