Monday, May 16, 2022

Syrian Electronic Army takes over Facebook’s Domain

The Syrian Electronic Army (SEA), a team of hackers infamous for hijacking high-profile domains, was able to alter the domain registration details for Facebook's domain, but didn't redirect the domain to another server.

The collective published screenshots Thursday on Twitter from what seemed to be the administration panel of MarkMonitor, a San Francisco-based business that manages the domains of large enterprises. The company's services concentrate on online brand protection and anticounterfeiting.

MarkMonitor’s domain administration services “ensures domains are safe with a ‘hardened’ portal and a full suite of premium security solutions, including advanced security measures at the registrar level, and security services to lock domains down to the registry level,” the company’s website states, ironically.

It would appear that SEA focused on MarkMonitor as a way to attack Facebook in particular, as the company commemorated its 10th anniversary Tuesday. The team used the MarkMonitor control panel to change the WHOIS details for Facebook's domain, changing the domain’s contact address to Damascus, Syria.

The hackers didn’t alter the domain’s DNS settings to point the site to a server under their control, which they have done previously with the domains of other businesses.

It’s unclear how SEA acquired access to the MarkMonitor control panel, but according to other screenshots and tweets provided by the hackers, the panel also gave them access to the domains of Amazon, Google, Yahoo and several other well-known organizations from various industries.

It seems that all companies affected had a domain lock in place, which prevented SEA from redirecting the sites. Facebook declined to comment; its domain’s WHOIS details were promptly fixed following the incident.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
