Pro-ISIL Hack of Arkansas Library Association

In 2016, a pro-ISIL group hacked the website of the Arkansas Library Association (ArLA) and released the membership directory to other ISIL supporters as a scare tactic, although the breach had few consequences for the organization.

In June 2014, the terrorist organization known as the Islamic State of Iraq and the Levant (ISIL), also called Islamic State (IS) or the Islamic State of Iraq and al-Sham (ISIS), declared a global caliphate (Islamic state ruled by a religious leader). By March 2015, ISIL had established its rule over sizeable portions of Syria and Iraq and benefitted from sympathetic supporters around the world. Starting in 2015, pro-ISIL supporters began waging indiscriminate cyberattacks against various Western websites and databases. Hackers specifically targeted websites or accounts with lower security protection.

In the spring of 2016, one of these pro-ISIL groups, the Cyber Caliphate Army, hacked the website of the Arkansas Library Association and released the organization’s membership directory among ISIL supporters through an app. The directory included the names, email addresses, and work institutions/physical addresses of hundreds of librarians across the state. Sensitive information such as birthdays, Social Security numbers, and financial information of members was not compromised, since this material was not held in the directory database. In theory, when hackers leaked lists such as the ArLA directory, pro-ISIL supporters were supposed to execute those compromised individuals. In reality, these hacks functioned as more of a scare/intimidation tactic.

In May, the Federal Bureau of Investigation (FBI) notified ArLA’s leadership that the association’s website had been hacked. In June, the FBI revealed who was behind the attack and what had been compromised. Unlike weeks before when a list of 3,000 New Yorkers was released by pro-ISIL hackers, the authorities did not directly contact compromised individuals. The FBI took no additional steps beyond notifying ArLA’s leadership of the hack. The Arkansas State Police also knew about the attack but did not investigate or contact any ArLA members. Both agencies left the responsibility of informing those compromised librarians to the organization.

The ArLA webmaster, Ron Russ, immediately notified members of the hack via email. In the spring/summer 2016 issue of the association’s journal, Arkansas Libraries, he described the attack to the readership and explained the steps that he and the Web Services Committee were implementing to make the organization’s website more secure. Reactions to the hack among ArLA members were varied. Some members were concerned by the attack. Most librarians dismissed the hack as an empty threat. All members, however, were surprised that their association’s website was hacked by a group affiliated with ISIL.

While the pro-ISIL breach of ArLA’s website and the resulting membership directory leak proved ineffectual as an act of terrorism or intimidation, the cyberattack did prompt the organization’s leadership to implement more robust security measures to protect the website from future attacks. The hack also put the library association in the news when Newsweek, the Arkansas Democrat-Gazette, and multiple local radio and television stations reported on the incident.

For additional information:
Bowden, Bill. “Arkansas Library Group Hacked; Information Posted on Pro-ISIS Website.” Arkansas Democrat-Gazette, June 8, 2016.

Miller, Shannon. “FBI: ISIS Hacked Arkansas Library Association’s Website.” KARK, June 7, 2016. (accessed September 16, 2020).

Moore, Jack. “ISIS Hit List of Arkansas Civilians Leaves Targets, Authorities Unmoved.” Newsweek, June 6, 2016. (accessed September 16, 2020).

Russ, Ron. “ArLA Website Data Breach.” Arkansas Libraries 73 (Spring/Summer 2016): 31.

A. Blake Denton
University of Arkansas at Monticello


No comments on this entry yet.