The US intelligence community highlighted a cyber attack from Turkey as part of clandestine efforts to influence the US presidential election in a foreign threat report issued on March 15, 2021.
The declassified report, released by the National Intelligence Council (NIC), listed a hack by Turkish group RootAyyıldız (also referred as RootAyyildiz) on a website set up for the Biden-Harris presidential campaign as a foreign threat to the 2020 US elections.
“In November, hackers promoting Turkish nationalist themes breached and defaced a website previously established for a candidate in the US presidential campaign, according to US cybersecurity press,” the NIC stated in the report.
The defacement of the site lasted more than a day. It was a promotional website for Biden and his running mate, raising funds for the campaign and providing information. The site was later redirected to iwillvote.com in early November according to a screenshot from the Internet Archive’s Wayback Machine.
This is the first time that the NIC has listed Turkey, a NATO ally, as a country where an attempt to interfere in the US elections originated. The NIC is best known for producing National Intelligence Estimates, which are intelligence community-wide forecasts of issues and challenges facing the security of the United States. In the report Turkey was mentioned with other countries such as Russia, Iran, China and Venezuela and Hezbollah, a pro-Iran entity in Lebanon.
In November 2020, when RootAyyıldız hacked the Vote Joe website, vote.joebiden.com, the hackers posted a nationalist and Islamist message that by and large repeated the narrative often promoted by ruling Justice and Development Party (AKP) officials in Turkey, led by President Recep Tayyip Erdoğan.
The hackers identified themselves as “Turkish Muslim Defacer” and emphasized that they follow the Turkish president, described as “Reis” (Chief) in the posted message, and are on the path of a Turkish Islamist jihadist campaign to dominate the world. The opposition political parties were alleged to have been supported by the US, and the hackers warned of further consequences if the US did not leave Turkey alone.
The translated version of the message is as follows:
“We made the ablution [used here as a means to clean oneself to get ready to be martyr in jihad] before and set out on a journey, we said our own funeral prayer, we sharpened our blade for our brother. We made our pledge to the Great Sultan [late Ottoman Sultan Abdulhamid II, an authoritarian ruler revered by Islamist circles in Turkey]. We will kill for Reis [Chief – President Erdoğan] anybody who sets their eyes on our [Turkish-Islamic] cause.
“Damn those who live for money and fame, greetings to those who live for the Islamic cause. From here, I warn the US-backed, so-called [opposition] political parties like the CHP [main opposition Republican People’s Party], HDP [pro-Kurdish Peoples’ Democratic Party] and the Iyi [conservative/nationalist Good] Party.
“We’ll be your nightmare if you don’t take your hands off my [Turkish] state, my nation. We will make you afraid of walking in the street [in shame] by revealing your most private conversations.
“RootAyyıldız is not a group or organization but a patriot who fights alone. We hail anybody who fights for Turk and Islam. May Allah be our help. We do not use social media. Don’t be fooled by fake accounts.”
The hackers also posted a picture of President Erdoğan and Ottoman Sultan Abdulhamid II on the defaced website.
A caption below the picture read: “We are the ones who stopped the tanks with our bare hands on the night of July 15 [2016 failed coup]. We are those who killed death that night. We have been waiting for Archers’ Hill for 15 centuries [a reference to a scene in the Battle of Uhud fought by the Muslim Prophet Muhammad]! We are the keepers of that red [Turkish] flag that will never abandon its shadow on us.”
Archers’ Hill has often been mentioned by the Turkish president in his campaign rallies, especially when he wanted to appeal to the younger generation in a bid to convince voters to stick with him. Muslim archers in the battle left their designated spot on the hill during the campaign, defying Muhammad’s orders. That led to a surprise attack by the enemy, who exploited the archers’ absence in a key area and caused disarray among Muslim ranks by the cavalry offensive.
A page from the National Intelligence Council (NIC) declassified report that mentions the cyber attack by a Turkish hacker group:NIC_report_Turkey
RootAyyıldız is believed to have connections to elements of the Turkish government, specifically with intelligence agency MIT and the police department. Its attacks on foreign governments, entities and individuals have coincided with the growing noise among Turkish officials who leveled harsh criticism and threats against such foreign governments, entities and individuals.
President Erdoğan enjoyed a personal relationship with Donald Trump and was concerned that the Biden presidency would prove to be challenging in promoting his agenda. The pro-government media was cheering for Trump while bashing Biden during the campaign. It was not surprising to see that a hacker group linked to his government wanted to send a message by hacking Joe Biden’s campaign website.
RootAyyıldız also targeted the Greek government and institutions during heightened tension between the two countries in August 2020. The official website of the Bihar Education Department in India was hacked in August 2019 by RootAyyıldız, which posted messages in praise of Pakistan and Islam. In October 2020 the group hacked the Armenian Football Federation’s website during the conflict between Armenia and Azerbaijan and posted messages in support of Azerbaijan.
The full NIC report is posted below: