The U.S. Army runs an Artificial Intelligence Integration Center. Its job is bringing cutting-edge AI into military operations. Hacktivists just embarrassed it by exploiting a forgotten error page — the digital equivalent of spray-painting your lobby while security cameras point at the vault. Two Army subdomains, oil.army.mil and ai2c.army.mil, displayed messages calling Trump a “pedophile” and a “thief,” referencing his name in DOJ files connected to Jeffrey Epstein, alongside demands to “FREE KURDISTAN.” This is a federal cybersecurity story wearing political graffiti as a costume, not unlike the recent case where U.S. operatives built a surveillance app to target political dissidents.
What Actually Happened (and How)
Attackers hijacked 404 error pages on two Army innovation sites, hiding in plain sight while the rest of each site looked completely normal.
- Attackers used 404 hijacking: they modified error-handling pages so any non-existent URL displayed their political message instead of a standard “page not found” notice. The rest of each site appeared untouched, slowing detection.
- Both targets — the Open Innovation Lab and the AI Integration Center — belong to Army units testing emerging technologies, including AI.
- Security researcher Ronald Lovelace first identified the defaced pages, according to CyberScoop.
- The Army told CyberScoop the sites ran on a “legacy third-party platform not connected to the Army’s enterprise network.” The Department of Defense did not respond to TechCrunch’s request for comment.
- No data theft has been confirmed. This remains a defacement incident, not a breach.
The defaced pages included “Kurdish sr was here” and referenced U.S. Ambassador to Türkiye Tom Barrack. Attribution remains unconfirmed, but CyberScoop notes “Technical teams took immediate action to mitigate the issue, and the affected pages have been secured.” The messaging is consistent with Kurdish hacktivist groups, who have long targeted government websites to amplify calls for autonomy across Turkey, Iraq, Iran, and Syria.
The Army hasn’t disclosed exactly how attackers gained access. TechCrunch observed both sites appear to run on WordPress with multiple plugins — a sprawling attack surface that administrators rarely audit. A 404 error page is the corner of a website nobody thinks about. That’s precisely what made it useful.
This Isn’t Isolated
Federal public-facing web infrastructure has become a soft target for politically motivated actors chasing visibility over data.
Hacktivists earlier targeted DHS, publishing records tied to ICE deportation contracts. That same week, DHS confirmed attackers compromised an intelligence-sharing platform used between state, local, and federal authorities, according to TechCrunch. SC World notes a 2015 Syrian Electronic Army attack defaced Army websites using similar tactics — this playbook predates TikTok by nearly a decade.
The Army’s “legacy platform” framing deserves a raised eyebrow: calling compromised public-facing infrastructure legacy doesn’t reduce the reputational damage of having an AI integration lab outmaneuvered by a forgotten plugin. Federal agencies face mounting pressure to audit CMS-based properties and harden configurations, as hackers have shown they can steal password vaults through similarly overlooked platform weaknesses. Defacement is cheap. Embarrassment is expensive. The fix isn’t glamorous — it’s patch management, a lesson underscored by the long history of tech scandals where institutions failed to act on known vulnerabilities.




























