Two U.S. Army websites were fixed after hackers altered their error pages to display pro-Kurdish messages and insults targeting President Donald Trump, including the words “pedophile” and “thief,” according to TechCrunch.

Hacktivists Deface US Army Websites to Taunt Trump
XOOMAR Intelligence
Analyst Take
The US Army websites defaced were tied to the Army’s Open Innovation Lab and AI Integration Center, public-facing sites connected to testing and integrating AI and other emerging technologies. The available reporting points to a visible hacktivist defacement, not a confirmed theft of Army data.
2 Army sites were fixed after anti-Trump messages hit error pages
The defacement did not appear to replace the main homepages. Security researcher Ronald Lovelace told CyberScoop, which first reported the incident, that the altered content appeared on error pages, meaning visitors saw it when trying to open a URL that did not exist.
CyberScoop identified the affected subdomains as oil.army.mil and ai2c.army.mil. The first belongs to the Open Innovation Lab, described as a test bed for software and cyber capabilities established in 2020. The second belongs to the Artificial Intelligence Integration Center, established in 2019 to integrate AI technologies into the Army and train personnel on emerging technologies.
The messages called Trump a “pedophile” and a “thief,” which were the hackers’ displayed words, not verified claims.
The defaced pages also mentioned Tom Barrack, the current U.S. ambassador to Turkey, and included calls for a “free Kurdistan.” CyberScoop reported that the altered pages were visible as of Monday, and that the Army took them down after the publication contacted officials.
“We are aware of unauthorized defacements on the error pages of oil.army.mil and ai2c.army.mil, which are hosted on a legacy, non-authoritative platform,” Army spokesperson Maj. Sean Minton told CyberScoop. “Technical teams took immediate action to mitigate the issue, and the affected pages have been secured.”
The Army has not said how the error pages were changed. TechCrunch reported that a Department of Defense spokesperson did not respond to its request for comment.
For readers tracking the broader collision of Trump politics and technology branding, this is a very different kind of Trump-linked tech story than XOOMAR’s coverage of the $499 Trump Phone flop. Here, the Trump connection comes through hostile political messaging planted on U.S. military web infrastructure.
US Army websites defaced through 404 pages put public trust on the line
A defacement is not the same thing as a confirmed breach of operational Army systems. There is no reported evidence so far that sensitive databases, internal military networks, or operational systems were accessed.
That distinction matters. But it does not make the incident harmless.
Public government websites carry institutional authority. When attackers can alter even a low-traffic error page on a military domain, they get to borrow that authority for their own message. In this case, the message was designed to provoke: anti-Trump insults, a pro-Kurdish slogan, and a reference to Barrack.
CyberScoop described the incident as a 404 hijacking campaign. In practical terms, that means attackers controlled what users saw when a requested page was missing, instead of necessarily changing the site’s normal visible pages.
| Issue | What the reporting supports | What remains unconfirmed |
|---|---|---|
| Visible defacement | Error pages on two Army subdomains were altered | Who carried it out |
| Data exposure | No public evidence of stolen data has been reported | Whether any files or logs were accessed |
| Technical path | Sites appeared to run on WordPress and Microsoft cloud infrastructure, per CyberScoop | Whether a plug-in, credentials, hosting, or configuration flaw was used |
| Scope | Two Army subdomains were identified | Whether other subdomains were affected |
The US Army websites defaced also appear to fit a familiar hacktivist pattern. The attackers did not quietly linger for financial gain, at least based on what is public. They used a federal web property to amplify a political cause.
That still leaves a hard question for federal web teams. A small public-facing compromise can expose weak maintenance, outdated software, loose access controls, or third-party hosting risk. CyberScoop reported that an Army spokesperson described the affected pages as hosted on a “legacy, non-authoritative platform” not connected to the Army’s enterprise network.
XOOMAR analysis: that wording is meant to limit the blast radius. It signals that the Army sees this as separate from its core network. It also raises a separate issue: legacy public platforms can still damage credibility when they carry official Army domains.
The political targeting also lands against a wider Trump news cycle. XOOMAR has covered other policy fights involving the president, including Trump wielding a housing bill in a SAVE Act pressure play and Trump losing as a U.S. housing law took effect without him. This cyber incident is narrower, but the attackers clearly chose Trump as the attention magnet.
Investigators now need the entry point behind 2 Army defacements
The next phase is forensic. Army cyber investigators will need to determine how attackers gained permission to alter the error pages, how long that access existed, and whether anything beyond the public-facing 404 pages was touched.
The likely review paths are straightforward:
- Logs: Identify when the altered pages were uploaded or generated.
- Credentials: Check whether administrative accounts were stolen, reused, or misconfigured.
- Content management system: Review WordPress instances, themes, and plug-ins for known weaknesses.
- Hosting layer: Examine the legacy third-party platform described by the Army.
- Scope: Confirm whether other Army subdomains showed abnormal changes or only the two named sites.
CyberScoop reported that Lovelace said the affected sites ran on WordPress and Microsoft cloud infrastructure. That does not prove WordPress or any plug-in caused the compromise. It does explain why investigators will look closely at the content management layer before assuming a deeper intrusion.
Lovelace said the presence across multiple subdomains “raises the severity a decent amount because it shows it’s a bit deeper than just one single path” being corrupted.
The Army’s public statement leaves several gaps. Officials have not publicly said exactly when the defacement began, whether a known group is suspected, or whether the third-party platform will be patched or discontinued. CyberScoop reported that incident response remains ongoing.
This is the watch item now: whether the US Army websites defaced remain a contained embarrassment on legacy web infrastructure, or whether investigators find broader weaknesses across public-facing military sites. The answer depends less on the slogans the attackers posted, and more on the access they had before the pages were secured.
Impact Analysis
- The incident exposed weaknesses on public-facing Army web infrastructure tied to emerging technology programs.
- Reporting indicates a visible hacktivist defacement rather than a confirmed theft of Army data.
- The use of political insults and pro-Kurdish messages shows how government sites can become targets for symbolic cyber protest.
Affected U.S. Army Websites
| Website | Army unit | Role | Established | Defacement location |
|---|---|---|---|---|
| oil.army.mil | Open Innovation Lab | Test bed for software and cyber capabilities | 2020 | Error pages |
| ai2c.army.mil | Artificial Intelligence Integration Center | Integrates AI technologies and trains personnel on emerging technologies | 2019 | Error pages |
Sources
Written by
XOOMAR Insights Team
Research and Editorial Desk
The XOOMAR Insights Team pairs automated research with human editorial judgment. We track hundreds of sources across technology, fintech, trading, SaaS, and cybersecurity, cross-check the facts, and explain what happened, why it matters, and what to watch next. We do not just rewrite headlines. Every article is fact-checked and scored for reliability before it goes live, and we link back to the original sources so you can verify anything yourself.
Explore More Topics
Related Articles
CybersecurityAI Agents Trip Alarms in Enterprise AI Security Rush
DigiCert says 78% of AI-using enterprises saw an incident or vulnerability, mostly from rogue or misconfigured AI agents.
Cybersecurity6.9M Drivers Face Scams After AssuranceAmerica Data Breach
Hackers stole data tied to 6.9M AssuranceAmerica drivers, including licenses, policy details and claims data.
CybersecurityUS Slaps $10M Bounty on Russian Signal, WhatsApp Hackers
$10M is on the table for tips on Russia-linked groups accused of hijacking Signal and WhatsApp accounts used by officials and journalists.
CybersecurityCISA Orders 3-Day Patch for SharePoint Vulnerability
CISA says attackers are exploiting a SharePoint RCE flaw, giving federal agencies just three days to patch.
CybersecurityClaude Fable 5 Escapes AI Ban as Washington Blinks
Claude Fable 5 is back, but Mythos 5 stays gated. Washington's AI safety process is moving faster than its rules.
Global TrendsTrump Loses as US Housing Law Takes Effect Without Him
Trump refused to sign the US housing law, but it took effect anyway, putting housing supply at the center of the affordability fight.
Global TrendsTrump Snubs Housing Bill as It Slides Into Law Anyway
The housing bill became law without Trump's signature, turning a bipartisan housing win into a protest over stalled voter ID legislation.
Global Trends$16M Trump Revamp Sends Reflecting Pool Back to Repairs
Trump's $16m Reflecting Pool revamp is back under repair as algae, peeling liner and debris turn a showcase into a political headache.
Global TrendsRemains Discovery Triggers Jana Armstrong Murder Charge
Police charged a 48-year-old man with murder after remains believed to be Jana Armstrong's were found near Toowoomba.
TechnologyAsus ProArt KD300 Exposes the Productivity App Trap
The Asus ProArt KD300 argues that the best productivity upgrade isn't another app, but one compact keyboard that makes five devices easier to use.
Don't miss the signal
Get our weekly roundup of the stories that matter across tech, fintech, and trading. No noise, just signal.
Free forever. No spam. Unsubscribe anytime.