Syrian Electronic Army hacks Reuters


Reuters, the international news agency, was reportedly been hacked by the Syrian Electronic Army - a hacking group who support the government of Syrian President Bashar al-Assad and attack news organizations.

Anyone who try to visit articles on the Reuters website were being redirected to the official website of the Syrian Electronic Army.

" Hacked by Syrian Electronic Army

Stop publishing fake reports and false articles about Syria!

UK government is supporting the terrorists in Syria to destroy it, Stop spreading its propaganda." The message posted in hacker's website reads.

According to rederic Jacobs reports, the Reuters wasn't directly compromised in this attack.  Instead, the group hacked into a third-party ad provider Taboola -which is used by Reuters to display ads.

This is not the first time the group has used such an approach to hack the websites.  Few days back, the group managed to redirect users of The Sunday Times website to their website, after they compromised a third-party server used by both sites.

Last year, the group managed to hack into the Outbrian and redirect the visitors of CNN, WashingtonPost and other news organizations to hackers' website.

Syrian Electronic Army hacks 4 Wall Street Journal twitter accounts


Wall Street Journal was caught in the crossfire between the Syrian Electronic Army and Ira Winkler who is the CEO of security firm Secure Mentem.

The Syrian Electronic Army(SEA) hijacked four twitter accounts belong to WSJ : @WSJD,  WSJ Europe(@WSJPEurope), WSJ Africa(@WSJAfrica) and WSJ Vintage(@WSJVintage).

SEA posted the message "@Irawinkler is a cockroach" with a picture of Ira Winkler's head on the body of a cockroach.

The attack was carried out in response to a RSA Conference presentation in which Winkler talked about the hacking methods of the SEA and made fun of them.

In his presentation, Winkler also commented that "these people are like cockroaches of the Internet".

This is not the first attack carried out by SEA in response to this presentation.  Last month, the group also defaced the RSA Conference website and said "If there is a cockroach in the internet, it would be definitely you "

Wall Street Journal seems to have recovered the hijacked twitter accounts posted in twitter "We have secured our compromised Twitter accounts and they are now functioning normally."

Syrian Electronic Army gather evidence that Microsoft selling your information to FBI

A document recently leaked by Syrian Electronic Army shows that Microsoft is charging FBI secret division to legally view customer information.  The documents are said to have been taken from Microsoft.

Syrian Electronic Army(SEA) is known for hacking social media accounts and websites of top organizations including Microsoft, CNN, Daily dot and more. 

SEA allowed the Daily Dot to analyze the documents before they published in full.

The document is said to be containing emails and invoices between Microsoft's Global Criminal Compliance team and the FBI's Digital Intercept Technology Unit (DITU).

The documents shows that Microsoft charged FBI $145,100 in December 2012, broken down to $100 per request for information.  But in 2013, Microsoft allegedly doubled the amount, charged FBI $200 per request for a total of $352,200.  For the recent invoice(Nov 2013), they charged $281,000.

The information provided to FBI including Live email ID, PUID, name, address, country, IP address, Date of Registration and few other details.

Here is the screenshot of documents:





Syrian National Coalition website and US Central Command hacked by Syrian Electronic Army


The official website of the National Coalition for Syrian Revolutionary and Opposition Forces(etilaf.org) and few other websites have been hacked and defaced by Syrian Electronic Army.

In addition to Syrian National Coalition hack, the group also hacked into Masarat Syria (masaratsyria.com) and the City Council of Daraya (darayacouncil.org).

The hacked websites went offline at the time of writing, A mirror of the defacement can be found here:
  • http://www.zone-h.org/mirror/id/22015751
  • http://www.zone-h.org/mirror/id/22015787
  • http://www.zone-h.org/mirror/id/22015855
Recently, the group also announced that they have successfully breached the US Central Command(CENTCOM) and accessed hundreds of documents.

In the meantime, the Syrian Electronic army also posted a tweet "How much does @Microsoft charge @FBIPressOffice ever month to spy on your emails? Stay tuned for their leaked documents. #SEA #PRISM".

Syrian Electronic Army hacks Forbes website and twitter accounts

Forbes, american business magazine, is appeared to be the latest victim of the Syrian Electronic Army.  The group has managed to post articles entitled "hacked by syrian electronic army".

The group is experts in phishing attack -targeting employees of the organization with a fake emails.  We believe hackers used the same method for compromising Forbes' employees also.

It appears they have gained admin access to the wordpress panel that allowed them to post stories.

The group appears to have compromised one twitter account of forbes (@forbestech) and two twitter accounts(@thealexknapp, @samsharf) belong to their employees.  At the time of writing, Samantha sharf account still shows the hackers tweet.

The hackers said the reason for hacking forbes is because the publication posted  many articles against syrian electronic army, with muchnhate for syria.

Facebook almost got hacked by Syrian Electronic Army, MarkMonitor website Hacked

Earlier today the Syrian Electronic Army posted a tweet with screenshots which suggested they had hijacked the Facebook's domain and changed the Registrant details and name server.

"Happy Birthday Mark! http://Facebook.com  owned by #SEA http://whois.domaintools.com/facebook.com" Hackers said in a tweet.

How hackers take control of Facebook Domain?
The next tweet confirmed that the hacker group took control of the MarkMonitor website - a website that manages Top Level domains including Facebook, Google, Yahoo and more.

The group managed to gain the admin panel of the Mark Monitor website that allowed them to access records of all domains hosted.


After learning about the breach, the Markmonitor immediately took down the Management portal.

It seems like facebook is lucky this time.  Even though the group changed the nameserver of the domain, it didn't reflect.  It's failed attempt to compromise domain's DNS records.  If they had managed to change the records successfully, it could have affected millions of facebook users.

Few other screenshots provided by Syrian Electronic Army shows that the group had access to Google, Yahoo and Amazon domains.




Ebay and Paypal UK domains hacked by Syrian Electronic Army

Paypal is the latest Organization to be victim of Syrian Electronic Army(SEA).  Today, the group has hacked into the MakrMonitor account managing the Ebay and Paypal domains.

Exclusive :MarkMonitor account of Ebay

SEA managed to modify the DNS records of ebay.co.uk and paypal.co.uk and left them defaced.

"For denying Syrian citizens the ability to purchase online products, Paypal was hacked by SEA" The group said in a tweet.

The group said it is purely a hacktivist operation and no user accounts or data affected by this breach.

"If your Paypal account is down for a few minutes, think about Syrians who were denied online payments for more than 3 years. #SEA"

Syrian Electronic Army is best known for its Spear Phishing attacks where employees of organization are targeted with malicious emails. It appears the group used the same attack to compromise the Mark Monitor account of Ebay.

Exclusive: Ebay defaced
The group also hacked the email account Paul Whitted, Sr. Manager, Site Engineering Center at eBay and posted screenshot of the internal communications.


Update:

"We’re aware our UK & France marketing pages were redirected briefly for a few users. Situation is resolved; NO customer info was compromised"Paypal has acknowledged the breach on its official twitter account.

CNN Twitter account and blog hacked by Syrian Electronic Army


Fake article posted by Syrian electronic Army

Just few hours ago, Syrian Electronic Army hijacked the official twitter account of CNN and started to posted series of tweets.

Hackers mentioned the hack is part of retaliation against CNN for "viciously lying reporting aimed at prolonging the suffering in #Syria."

"#CNN used its usual formula of present unverifiable information as truth, adopting a report by Qataris against #Syria." one of the tweets posted by hacker reads.

The group appears to have compromised the main twitter account @CNN and @natlsecuritycnn, main facebook page of CNN, CNN politics' facebook page.



"US Media strategy is now to hide the fact that the CIA controls and funds Al Qaeda by blaming #Syria instead for their terror. #SEA" Recent tweet from group reads.

The group also managed to compromise the "CNN Security Clearance", "Political Ticker", "The Lead", "The Situation Room" and "Crossfire" blogs.

The also managed to post a fake article entitled "BREAKING NEWS: US declares state of national emergency, State department reportedly out of reach"

  • http://security.blogs.cnn.com/2014/01/23/breaking-news-us-declares-state-of-national-emergency-state-department-reportedly-out-of-reach/
  • "China dumps all bonds, declares South China Sea closed zone ": http://politicalticker.blogs.cnn.com/2014/01/23/breaking-china-dumps-all-bonds-declares-south-china-sea-closed-zone/ 
  • http://situationroom.blogs.cnn.com/2014/01/23/breaking-china-dumps-all-bonds-declares-south-china-sea-closed-zone/


CNN confirmed the hack in their recent tweet saying " Some of our organization's social media accounts were compromised. We have secured those accounts and deleted unauthorized tweets."

Microsoft Office Blog hacked by Syrian Electronic Army


As i said earlier, this year starts with bad luck for Microsoft.  As promised earlier in their tweet that they didn't finish their attack on Microsoft, they have attacked another website belong to Microsoft. This time, it is official 'Microsoft Office' blog.

"We didn't finish our attack on @Microsoft yet, stay tuned for more! #SEA" Hackers posted in one of their earlier tweets.

Hackers posted a screen shot that shows they managed to post articles entitled "Hacked by Syrian Electronic Army" in the blogs.office.com.


They also mentioned in their tweet that Microsoft can expect more attack from SEA team.

Hackers also posted couple of screen shots that shows they have gained access to the control panel of Office blog.



"Dear @Microsoft, Changing the CMS will not help you if your employees are hacked and they don't know about that. #SEA" latest tweet from SEA reads.

The latest attack is part of the series attack against Microsoft, started with  Skype blog and twitter account hijack.  This was followed by hijack of Xbox twitter account, Twitter account of Microsoft News and Microsoft official blog.

Microsoft confirms phishing attack compromised the employee's email account

Social Engineering attacks is one of the most successful attack method- Even the system which is claimed to be 100% secure can be hacked, if an attacker is able to manipulate one employee.

We recently covered a news about the recent Microsoft's twitter account hack in which Syrian hackers compromised the email accounts of Microsoft's employees through a phishing attack.

Microsoft has finally admitted that the Syrian Electronic Army has hacked into several Microsoft employee email accounts via phishing attack. 

"A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted." Microsoft spokesperson said in an email sent to Geekwire.

Microsoft said that the compromised accounts have been recovered.  They also claimed that no customer info stolen in the attak. 

"We continue to take a number of actions to protect our employees and accounts against this industry-wide issue."

The Official Microsoft Blog also hacked and defaced by Syrian Electronic Army

It appears new year starts with bad luck for the Microsoft.  Microsoft has found itself under the radar of Syrian Electronic Army, one of the popular syrian hacker group known for high profile website hacks.

Few hours after we yesterday reported that Microsoft official twitter account hijacked,  their blog also got hacked by the Syrian Electronic Army(SEA).

The group managed to create an articled entitled "Hacked by Syrian Electronic Army" in the Microsoft official Technet blog(" blogs.technet.com/b/microsoft_blog/‎").


It appears the group still have access to the email accounts of Microsoft.  They also published emails sent from one employee to another employee regarding the security breach.

Now, the Technet blog is back up and functioning normally. The attack just came after the hijack of Microsoft Xbox twitter account and official twitter account of Skype.  The group also defaced the Skype's blog.

Stay Tuned at +E Hacking News to get more Exclusive information about the hack.

Verified Microsoft News twitter account hacked by Syrian Electronic Army



Syrian Electronic Army has hijacked the official verified twitter account of Microsoft which is used for news updates.

The hack just came after the earlier today hijack of the Microsoft xbox twitter and instagram account.

"Don't use Microsoft emails(hotmail,outlook).  They are monitoring your accounts and selling the data to the governments.  #SEA" Hackers tweeted from the @MSFTnews account.

In another tweet, hackers trolled the Internet explorer saying " Leak: The top two visited links from @IE: google.com/chrome and Mozilla.org/firefox #SEA"

*Update:
 Hackers has released an email sent from Steve Clayton, Microsoft Creative Director to other employees in Microsoft regarding the twitter account hijack.

 

#Exclusive: Syrian Electronic Army hijacks Microsoft Xbox Instagram and twitter accounts


Just few days after, hacking the official twitter account of Skype, Syrian Electronic Army once again has attacked Microsoft.  Today, they have hijacked the Official Twitter and Instagram accounts.

It appears @xbox and @xboxsupport twitter have been compromised in the attack.  The group managed to post usual post from Xbosupport account saying "Syrian Electronic Army was here".

At the time of writing, Microsoft regained the access to both Twitter and Instagram accounts.

It is still unknown how hackers managed to compromise these accounts.  I believe they have used their usual social engineering attack.

We are trying to reach the group for further statement. We will update if get any interesting info.

*Exclusive -Update:
One of the member of SEA group told E Hacking News that they have compromised the info by sending an email containing malware file to Microsoft's staff.

Hackers told us that "another hack will come soon with publishing the documents of monitoring email accounts by Microsoft".

*Update:
Microsoft News twitter account also have been hijacked by Syrian Electronic army, read the full update here.

More screen shots:




#Exclusive: Skype Twitter Account hacked by Syrian Electronic Army

Yes, Microsoft is the latest victim of the Syrian Electronic Army.  The official twitter account of Skype has been hijacked by Syrian Hackers to post a tweet about Spying.

"Don't use Microsoft emails(hotmail,outlook),They are monitoring your accounts and selling the data to the governments.http://blogs.skype.com/2014/01/01/dont-use-microsoft-emails-hotmailoutlook-they-are-monitoring-your-accounts-and-selling-the-data-to-the-governments/ " The hacker tweeted from the skype account.


The hacker also leaked the US Executive CEO of Microsoft in a tweet saying "You can thank Microsoft for monitoring your accounts/emails using this details".

An Exclusive screenshot provided to E Hacking News shows that hackers break into the Skype Wordpress blog as well as in Social media dashboard account.

It appears the hackers have hijacked the account of "Shana pearlman" who is Content Marketing Manager at Skype. 

Skype Wordpress

Social Media Dashboard of Skype

The group managed to post an article at this location "blogs.skype.com/2014/01/01/dont-use-microsoft-emails-hotmailoutlook-they-are-monitoring-your-accounts-and-selling-the-data-to-the-governments/".

The article title and body says the same content which is posted in the tweet that not to use Microsoft email services as they are monitoring your accounts and selling the data to governments. 

*Update: The Article has been removed from the page and Skype regained access to their twitter account.

Exclusive: Vice.com hacked by Syrian Electronic Army, redirects to SEA website

Syrian Electronic Army known for hacking high profile US based websites has once again come up with high profile website hack.

Today, the group hacked into VICE main website(vice.com), an US based international magazine focused on arts, culture, and news topics.

The hackers managed to gain access to the administration panel of the website and modified the website to redirect to hackers' website.

"Dear the @VICE, Your website was hacked in order to deliver a message" The tweet posted by the hackers reads.



They also published an article saying "Your website was hacked by the Syrian Electronic Army. This time we just deleted the article that you claimed in it that you exposed "Th3Pr0" identity. But you didn't. You published names of innocent people instead. The second time we will delete all your website"

Exclusive: The group provided us two screenshots of Gmail account belong to the Vice's employees. One of the account belong to the Developer of the Vice website who have full access to the website.

Even Though the developer got a warning about phishing attempt from his VICE cms manager, he fall into the trap of hackers.

They group also claimed to have hacked into the mailchimp account and managed to send mail to 33,000 subscribers.
 

#Exclusive: Qatar DNS hacked by Syrian Electronic Army -Facebook, Google Defaced

It appears almost all hackers like to do DNS hijack attack instead of targeting the main target.  DNS hijack attacks allows them to deface high profile websites such as Google, Yahoo and more.

Now, the famous Syrian hacker group " Syrian electronic army " has also chosen "DNS hijack attack".  The group compromised the Qatar Domain registrar "registry.qa".


The hackers successfully managed to change the DNS records of high profile websites and defaced them.  The list of affected websites includes Government and Military websites, Google Qatar, Facebook Qatar, Vodafone Qatar and more websites.




At the time of writing, most of the websites are still showing the defacement page while other websites displaying "CPU Limit Exceeded" error message.

It is still in question how hackers break into the Qatar Registry portal whether a usual social engineering attack used by SEA or any other vulnerabilities.  We will update once we get a word from the group.

*Update:
 We had talk with Syrian Electronic Army. The hackers told EHN that they have gained access to the registry administration by hacking 'domains.qa' and decrypting the passwords and then they logged to their emails.

"All the world know that Qatar is supporting the terrorists in Syria and today was the zero-day for them" SEA told EHN.

Exclusive screenshot

Melbourne IT Blog hacked by Syrian Electronic Army


Earlier Today, Syrian Electronic Army hacked into the Melbourne IT Server and changed the DNS records of NYTimes, Twitter, HuffingtonPost and few other domains.

It appears the admin failed to reset the password and hackers still have access to the server- They have defaced the Melbourne IT's blog ( www.melbourneit.com.au/blog).

"Hacked By SEA, Your Servers security is very weak" the defacement message reads.

At the time of writing, the blog is taken down by the admin and displaying error message "Service Temporarily Unavailable".

Melbourne IT Server hacked - Twitter, Nytimes, HuffingtonPost affected

Syrian Electronic Army , the group known for hacking top media websites, brought down the New York Times, HuffingtonPost, Twitter websites.

The list of affected websites includes twitter.com,twimg.com,nytimes.com huffingtonpost.co.uk, twitter.co.uk and few more domains belong to twitter.

#Exclusive: How the hack happened 
In an exclusive interview to E Hacking News, hackers confirmed us that they have hacked into Melbourne IT Servers and decrypted their passwords, also had access to their emails.

Exclusive Screenshot

Melbourne IT is an organization that provides domain name for high profile websites.  The security breach allowed the hacker to take control of the above mentioned domains and changed the DNS and other details.

At the time of writing, the New York Time is still down but other websites have been recovered and back to normal.

*Update:
MatthewKeysLive, the internet's journalist, tweeted that Melbourne IT confirms it was compromised today "The Credentials of a Melbourne IT reseller (username and password) were used to access a reseller account on Melborune IT's systems.  "

Exclusive: Outbrain service hacked , CNN , Washington Post and Time affected

Syrian Electronic Army has hacked into Outbrain service and take control of admin panel. The security breach affects CNN, Washington Post, Time  and more high profile websites.

Outbrain is a content recommendation service whose widget offers to help internet publishers increase web traffic at their websites. It does so by presenting them with links to articles and other content.


CNN outbrain hacked


Speaking to E Hacking News, hacker said that the admin panel of Outbrain is hosted in the local server.  However, they managed to login into the panel with the help of VPN and access panel.

The group also told EHN that they have compromised emails of Outbrain.  At the time of writing, the website is back to normal.

" Reading @wapo article & redirected to website of Syrian Electronic Army--twice. A nice hack, but now I'm probably on a watch-list." Nathan K. Hensley posted in his tweet.

The hackers also provided us exclusive screenshots of the admin panel of outbrain :


CNN Affected

Time website affected

SocialFlow hacked, New York Post Facebook and twitter accounts hacked

It seems no one is safe from Syrian Electronic Army. Earlier Today, the group hacked into SocialFlow website - a social media optimization platform for leading brands and publishers.

It appears the security breach allowed the hackers to compromise the New York post twitter and facebook accounts.

"The New York Post(@nypost) #Facebook Page hacked by the Syrian Electronic Army #SEA pic.twitter.com/f8g0O6vbSH" The tweet posted by group reads.

Hacked SocialFlow allows NewYork post facebook access

Twitter account of NewYork Post

Hacked facebook page: "https://facebook.com/NYPost.". The group hacked the following twitter accounts belong to New york Post: @NewYorkPost, @NYPost_Lewis, @NYPost_Schwartz, @NYPost_Mets, @nypostbiz.

 Twitter account(@JReidPost) belong to Washington Post sports columnist "Jason Reid" also got hacked and posted the "Syrian Electronic Army was here" tweet.


"Update: today an employee's email account was compromised in a phishing attack. As a result, our Twitter and FB accounts were compromised." SocialFlow said in a response to the hack. But, The organization didn't confirm about their website hack.   

"No customer access or data was compromised in this attack. As part of our security controls, we immediately took our service offline."

"Advice: Don't lie on your customers, Your main website and blog was hacked too. :)" Syrian Electronic Army said.
You can check the previous hacks of SEA here: Syrian Electronic Army .  Our first interview with Syrian Electronic Army can be found here: Interview with Syrian hackers.