The Syrian Electronic Army (SEA), a team of hackers who are infamous for hijacking high-profile domains, were able to alter the domain registration details for Facebook.com, but didn’t redirect the domain to another server.
The collective published screenshots Thursday on Twitter from what seemed to be the administration panel associated with a San Francisco-based business known as MarkMonitor that handles domains of large enterprises. The company’s services concentrate on online brand protection and anticounterfeiting.
MarkMonitor Administration Panel. #SEA pic.twitter.com/7zDbUxHbYJ
— SyrianElectronicArmy (@Official_SEA16) February 6, 2014
MarkMonitor’s domain administration services “ensures domains are safe with a ‘hardened’ portal and a full suite of premium security solutions, including advanced security measures at the registrar level-and, security services to lock domains down to the registry level,” the company’s website states ironically.
It would appear that SEA focused on MarkMonitor as a way to attack Facebook particularly as the company commemorated its 10th anniversary Tuesday. The team used the MarkMonitor control panel to change the WHOIS details for facebook.com, changing the domain’s contact address to Damscus, Syria.
The hackers didn’t alter the domain’s DNS settings and point the site to some server under their control, which they have done previously with the domains of other businesses.
It’s unclear how SEA acquired access to the MarkMonitor control panel, but other screenshots and tweets provided by the hackers, the panel also provided them access to the domains of Amazon, Google, Yahoo and several other well-known organizations from various industries.
Hi @Yahoo :) #SEA pic.twitter.com/KhThDk9AWR
— SyrianElectronicArmy (@Official_SEA16) February 6, 2014
It seems that all companies affected had a domain lock preventing SEA to redirect the sites. Facebook declined to comment, its domain’s whois details where promptly fixed following the incident.
Hi @Google :) #SEA pic.twitter.com/f9vOJgRhpJ
— SyrianElectronicArmy (@Official_SEA16) February 6, 2014
