The IT Nerd

They’re back.

The Syrian Electronic Army which have had some high profile hacks over the last little while have struck again. This time they’re going after media outlets worldwide. Here’s what the Globe And Mail said:

Media outlets and websites around the world have been targeted by a hack that caused Web users to see propaganda messages for the pro-Assad Syrian Electronic Army.

Users attempting to access certain parts of the affected websites, including The Globe and Mail’s, encountered a message that read “You’ve been hacked by the Syrian Electronic Army (SEA)” and were then redirected to the group’s logo, an image of an eagle bearing the Syrian flag and a message in Arabic.

The group hacked third party software to get access to CBC, The Globe And Mail, The Daily Telegraph, CNBC, PC World, Forbes, OK Magazine, the Chicago Tribune and the NHL to name a few sites that got pwned. The software in question was made by Gigya and it allows social sharing and data tracking tools along with content delivery network services to about 700 Web publishers. I’m guessing that someone with Gigya has some explaining to do and those in charge are not having a happy Thanksgiving. They sort of explained what happened:

“At approximately 6:45 AM EST we identified an issue with our domain registrar,” the update reads. “An initial inquiry has revealed that there was a breach at our domain registrar that resulted in the redirect of the gigya.com domain for a subset of users. The issue has been addressed and is currently propagating through DNS.”

Essentially, the hackers were able to tell Web browsers searching for Gigya.com to go instead to another URL, one that hosted an image of the Syrian Electronic Army’s crest.

All of this is typical of how the Syrian Electronic Army pulls their hacks off. Net result, the pro Assad group gets their name in the news once again and a Silicon Valley company is in damage control mode.

It now appears that the Syrian Electronic Army has graduated from simply defacing social media to hacking e-mail. Here’s the details from News.com:

In addition to compromising some of Microsoft’s social-networking accounts, the Syrian Electronic Army also accessed a “small number” of employee e-mail accounts, the company confirmed Wednesday.

The hacking group, which has taken responsibility for an array of breaches in the past couple of years, tweeted three e-mails over the weekend that appeared to originate from Microsoft employee Outlook Web Access accounts. The screenshots posted by the group included conversations among employees regarding recent compromises of Microsoft-owned Twitter accounts.

“A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and e-mail accounts being impacted,” a Microsoft spokesperson said in a statement to CNET. “These accounts were reset and no customer information was compromised. We continue to take a number of actions to protect our employees and accounts against this industrywide issue.”

Well, that’s a step up in terms of what this group has done in the past. Could it be that they’re evolving and thus becoming more dangerous? If so, you can be sure that the authorities will be making more of an effort to catch this group.

News.com is reporting that the Syrian Electronic Army has pulled off another hack. This time they’ve apparently made life miserable for Microsoft:

While it’s been known for a couple of days that the Syrian Electronic Army hacked into the Microsoft News Twitter account, it’s been revealed that the hackers also got into the Twitter accounts of Xbox and Xbox Support, along with Xbox’s Instagram account, according toGameSpot.

The political hacking group that supports Syrian President Bashar Assad posted screengrabs of its exploits on its own Twitter account. The hack consisted of the Syrian Electronic Army writing messages on Xbox‘s accounts that read, “Syrian Electronic Army Was Here” and “Game On!” The group also posted images of Xbox’s Twitter and Instagram accounts showing that it allegedly had administrator access.

Microsoft’s accounts have since been wiped clean and a company spokesperson told CNET on Saturday that “Microsoft is aware of targeted cyberattacks that temporarily affected the Xbox Support and Microsoft News Twitter accounts. The accounts were quickly reset and we can confirm that no customer information was compromised.”

So it fits the same sort of pattern that have been seen in the past from this group. That is the defacement of social media accounts. Though I am expecting the group to raise the stakes and do something more “interesting” at some point. Thus I suspect that efforts to catch the group will only increase seeing as the FBI are already looking for them.

The Syrian Electronic Army has struck again. This time they’ve defaced Skype’s Facebook page, Twitter page, as well as the Skype blog. The message? ‘Don’t use Microsoft emails (hotmail,outlook), They are monitoring your accounts and selling the data to the governments.'”

Now Microsoft got control of the pages very quickly and posted this on the Skype Twitter Feed:

You may have noticed our social media properties were targeted today. No user info was compromised. We’re sorry for the inconvenience.

— Skype (@Skype) January 2, 2014

No shock from yours truly that user data was not affected. Their last couple of hacks by them were along this line. Still, they are wanted by the FBI as clearly there is a fear that they could do something more “spectacular.”

This is a bit embarrassing.

According to The Verge, the Syrian Electronic Army took a Tweet from U.S. President Barack Obama and changed a link in the Tweet so that it went to their propaganda:

Instead, someone had used Obama’s URL shortener to hijack the link, directing it to the video and site. Huffington Post correspondent Sam Stein quickly got a response from Obama campaign group Organizers for Action: “An account with our link shortener was hacked. [But] at no point did they have access to the Twitter handle.” Twitter has also confirmed to us that there’s no evidence the Twitter account was hacked. The tweet was up for 19 hours before the redirect was noticed, making it possible that the change happened only recently. Not long after, the link was fixed; it now sends readers to Barack Obama’s site.

Still, it allows the Syrian Electronic Army to claim victory, It’s amusing, not really dangerous, but very embarrassing to Obama and company. Maybe he needs to review how secure his social media accounts are because it’s a safe bet that the Syrian Electronic Army will try this again.

I am guessing that the US is fed up with the antics of the Syrian Electronic Army. Because after a couple of high profile attacks recently, this group of hackers is now wanted by the FBI:

The FBI issued an advisory that included information about the SEA, its capabilities, and some of its more heinous attacks. The advisory also warns networks to be on the lookout for attacks, and that anyone found to be aiding the SEA will be seen as terrorists actively aiding attacks against the U.S. websites.

Lovely. I’m expecting a response from the group given the climate around Syria at the moment. I wonder how spectacular that will be?