Iranian Hacker Group ‘Danger Security Team’ Targets U.S. Universities Including MIT, Harvard

September 2, 2015

Danger Security Team is an Iranian hacker group routinely engaged in hacking and defacing websites. The group was founded in April 2013 (an IP address search shows that its website is hosted in Tehran) and its most recent operation was recorded on August 17th, 2015. The following report details this group’s hacking methods, reach on social media, and methods of recruiting new hackers.

DST’s Website

DST’s website acts as its main marketing tool, promoting its services to a wider audience, but has also become a hub for emerging talent in the Iranian cyber-intelligence market. As recently as May 2015, DST was recruiting young Iranian hackers in order to grow its ranks. The website has a section devoted to the training of new hackers, and it also disseminates computer hacking programs and code which can be used to hack into targeted websites. DST has provided its users with the tools and community space to become hackers on their own.

One of the main banners on DST’s website

A list of services provided by Danger Security Team including software downloads, software security testing, consultations with Danger’s experts, and hacking education, as shown on their website

Danger Security Team’s website hosts an online “training center,” where potential users pay to learn from the group’s leader

The “Application” section of the website leads a user to programs made by third parties that can be used with Danger’s customized codes

The “shell” section contains DST’s custom shell scripts, which can be used to access sensitive files from a website

The “lessons” section of the website allows a registered user to access video lessons made by Danger staff

The “community” section of the website allows a registered user to access forums related to hacking and computer problems 

DST Members

The main members of the group are Nima Danger, Wild.soldier, Append-HC, Hunter Ghost, MR.MOh3en, KING.ADE75, and MR.khofashe.siyah.[1] This collective mainly spreads pro-Iranian propaganda in its defacements, but also uses defacements as an opportunity to advertise the services it can provide. One factor distinguishing DST from many Iranian hacking groups is that its targets are mostly non-political, particularly the servers of universities such as Harvard and MIT,[2] as well as corporations like Microsoft.

Image from DST’s defacement of the Harvard Computer Society’s website. The bottom section reveals the names of many of the group’s members 

DST On Social Media

Besides the typical targets for Iranian hacking groups, DST has also been able to disable and infiltrate the hacking defacement archive website Zone-H, as shown in a video uploaded to Nima Danger’s YouTube page. DST also has a Facebook page, but it contains little information about the group or its operations.

Danger Security Team’s Facebook page. As of August 19, 2015, it has 20 followers

The YouTube page of Nima Danger, one of DST’s leaders. As of August 18, 2015, it has 5 subscribers

The hacked website monitoring service Zone-H lists DST’s earliest hack on July 16, 2015 and its most recent hack on August 28, 2015 

DST Defacement Images

Image left by DST during their defacement of the Microsoft server, which interrupted service on Xbox Live

Image left by DST on a defaced blog. This message is one of many that advertise their security services

Endnotes:

[1] Irancybernews.org, August 18, 2015.

[2] Irancybernews.org, August 18, 2015.