Syrian Electronic Army hijacks eBay and PayPal

Famed ‘hacktivist’ group Syrian Electronic Army claims to have hacked eBay and PayPal Saturday.

SEA

Visitors of the eBay and PayPal UK websites were redirected to defacement pages, but the group said the point of the DNS hack was not to steal users’ information. The message they left was clearly more a shot at the government:

“Hacked by the Syrian Electronic Army. Long live Syria. F*** the United States Government,” the sites read.

The SEA tweeted the hack was prompted by eBay “denying Syrian citizens the ability to purchase online products” due to their policies on doing business through PayPal with Syrian customers. eBay’s domain manager was breached, allowing the hackers to show the SEA logo on different eBay and PayPal pages for about 30 minutes.

PayPal’s PR director released this statement to The Register: “We were not hacked. For a brief period on Saturday 1 February, a very limited number of people visiting certain PayPal and eBay marketing pages in the UK, France and India were redirected. There was no access to any consumer data whatsoever and no accounts were ever in any danger of being compromised. The situation was swiftly resolved and PayPal’s service was not affected. We take the security and privacy of our customers very seriously and are conducting a forensic investigation into this situation.”

Since the breach, the hacktivist group has done some major bragging on their official Twitter account, posting screen shots of the damage done, as well as retweeting several news articles on the incident.

The account also reconfirmed, “Rest assured, this was purely a hacktivist operation, no user accounts or data were touched. #SEA.”

They were briefly suspended from Twitter use but were back up and running shortly thereafter.

The SEA has become notorious for hacking into social media profiles of major news sources and posting propaganda promoting Syrian president, Bashar al-Assad. Their victims have ranged from CNN to Microsoft to Skype, and they traditionally use complicated phishing attacks to gain entry to systems. So far there has been no information released about whether they used this method for the latest breach.

Breaches and hijacks can never be completely ruled out, but with the right team of security professionals, this can be prevented. Secure your enterprise’s systems by finding the right IT Security professionals through Tiro Security, a leading provider of information security jobs Los Angeles.

Posted in