Anti-‘Zionist’ Hacker Brings Down Retail Union Website


By Jacquie Lee

A hacker, known only by the stamp “AmmarLiverpool,” targeted the Retail, Wholesale and Department Store Union’s website the night of Aug. 1, the union’s communications director, Chelsea Connor, confirmed for Bloomberg BNA Aug. 2.

The hacker deleted all of the website’s content and then posted this message to the site: “Hacked By AmmarLiverpool This Website Has Been HaCked By Electronic resistance against the Zionist sites AmmarLiverpool Was Here 1 ; 2 ; 3 Vive L’Algerie.”

This isn’t the first time unions have had a run-in with hackers. An internet bandit depleted the bank account of the Connecticut chapter of the Communications Workers of America in November. That same month, UFCW Local 655 ended up forking over about $6,000 in bitcoin to a hacker who held its pension plans hostage. The hacker demanded three bitcoins, which were valued at $2,000 each, to enable the site to work again.

“AmmarLiverpool” didn’t seek payment to return RWDSU’s site to the union’s control, Connor said.

The site doesn’t store any private information, such as Social Security numbers or addresses, she said. “Any information that was removed or seen was all public,” Connor said. “There’s no member information on our website whatsoever.”

By late afternoon Aug. 2, the union had regained the ability to control the homepage of the site and posted a message explaining the incident.

Hacker Struck After Hours

Connor first realized the site was corrupted when an RWDSU staff member called her about 9:20 p.m. Aug. 1. An hour later, the union issued a statement.

“Tonight, our union was attacked by a hateful anti-semitic computer hacker,” RWDSU President Stuart Appelbaum said in the statement. “We are working swiftly to ensure his message of hate spreads no further and that our website is restored and our firewalls strengthened.”

RWDSU officials aren’t sure why the union was targeted, Connor said. Appelbaum is also president of the Jewish Labor Committee and a well-known figure in New York’s Jewish community, but Connor is unsure whether that explains why the hacker chose RWDSU.

“Whether it’s specific to him or our union, I don’t think it matters,” Connor said. “Clearly this was someone who wanted to share a message, and unfortunately that message was very hurtful for us.”

An entity that identified itself as “AmmarLiverpool” took credit for hacking four Italian websites in October 2013. Other websites AmmarLiverpool recently hacked are associated with a variety of industries, which may indicate the attack was a crime of opportunity rather than targeting Appelbaum specifically.

The union’s IT team is working to fully restore the website. RWDSU is working with 1&1, the company that hosts the site, to determine which law enforcement agency has jurisdiction over the hack, Connor said.

Hackers Flexing Their Muscles

In most cases, hackers steal information or hold websites for ransom, but leaving a message is meant to signal a hacker’s power, Bhavani Thuraisingham told Bloomberg BNA. She’s the executive director of the Cyber Security Institute at the University of Texas at Dallas.

To protect themselves, individuals and companies should change their passwords every three months, keep firewalls up-to-date, and back up their data, Thuraisingham said. But individuals need to take more initiative in learning about how their computer’s security system works as well, she said.

“These things are only going to get worse because we live in an interconnected world,” she said. “We really need to have knowledge to be able to do that. If we don’t, we have to suffer the consequences.”

Companies are starting to heed the advice of cybersecurity experts. In the past four years, some have begun investing in cyber insurance, Thuraisingham said.

“Health-care companies have highly sensitive information, so if they are hacked people will sue them,” she said. “That’s why they take insurance. Not for damaged computers, but to pay for litigation.”

After You’ve Been Hacked ...

First, system administrators must change their passwords and their user IDs, Shiu-Kai Chin, professor of electrical engineering and computer science at Syracuse University, said.

Then, officials should make a list of who has access to the files that hold the website’s content. It should be as short as possible to cut down on possible leakers or people vulnerable to hackers, Chin said.

Finally, someone must do an audit of the website, he said.

“There’s no security without audit,” he said.

Thanks to a tracking system hosted on most websites, administrators can look to see who had access to their website’s files and when others were trying to gain access.

If the IP address for whoever gained access to those files matches those of other administrators, it could be an “inside job,” Chin said. If not, that points to an outside hacker trying to get into the organization’s system. Theoretically, officials could use the outsider’s IP address to track down the hacker.

But IP addresses are tricky because they can be spoofed, Chin said. They’re more useful in determining whether the hack was an inside or outside job than who the actual hacker is, he said.
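The audit Chin describes, as an added example that is not part of the original article: it reads web server access-log lines, keeps the requests that changed site content, and labels each source address as matching the administrators' known addresses or not. The Combined Log Format, the `/admin/` path, the administrator address range and the sample log lines are all assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample in Combined Log Format; addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Aug/2017:20:58:11 -0400] "POST /admin/login HTTP/1.1" 401 512 "-" "curl/7.50"
198.51.100.7 - - [01/Aug/2017:20:58:19 -0400] "POST /admin/login HTTP/1.1" 302 0 "-" "curl/7.50"
198.51.100.7 - editor [01/Aug/2017:21:02:40 -0400] "POST /admin/pages/1/delete HTTP/1.1" 200 87 "-" "curl/7.50"
203.0.113.25 - editor [01/Aug/2017:09:14:02 -0400] "POST /admin/pages/1/edit HTTP/1.1" 200 640 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Aug/2017:21:05:00 -0400] "GET /index.html HTTP/1.1" 200 1204 "-" "Mozilla/5.0"
not a log line
"""

ADMIN_NETWORKS = [ip_network("203.0.113.0/24")]  # assumed: where administrators connect from
CONTENT_PREFIX = "/admin/"                       # assumed: where site content is edited
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def audit(log_text):
    """Group content-changing requests by source address and label each source."""
    sources = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected format
        ip, user, when, method, path, status = m.groups()
        if method not in WRITE_METHODS or not path.startswith(CONTENT_PREFIX):
            continue  # read-only or outside the content area
        try:
            addr = ip_address(ip)
        except ValueError:
            continue  # logged as a hostname, cannot be compared
        known = any(addr in net for net in ADMIN_NETWORKS)
        entry = sources.setdefault(ip, {
            "origin": "known-admin" if known else "unknown",
            "first": when, "requests": []})
        entry["last"] = when
        entry["requests"].append((when, user, method, path, int(status)))
    return sources


def unknown_sources(sources):
    """Addresses that changed content but match no administrator range."""
    return sorted(ip for ip, e in sources.items() if e["origin"] == "unknown")


if __name__ == "__main__":
    for ip, e in audit(SAMPLE_LOG).items():
        print(ip, e["origin"], len(e["requests"]), e["first"], "->", e["last"])
```

The label records only where a request came from, which fits Chin's caveat: it helps separate inside from outside activity and does not identify a person.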

In most cases hacks can be avoided if organizations can patch up vulnerabilities in their systems, hire competent IT teams, and educate their workforce on how to operate their computers safely, Chin said.

“The long-term message is just like health care and taking care of yourself: You can cheapen out now, but you can pay me now or pay me later,” he said.

To contact the reporter on this story: Jacquie Lee

To contact the editors responsible for this story: Peggy Aulino; Terence Hyland; Chris Opfer

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
