There is this group of very well respected (and feared) hackers called Syrian Electronic Army (a.k.a Syrian Electronic Soldiers) who have in the past hacked the likes of The NY Times, BBC News, the Associated Press, Al Jazeera, The Washington Post. No big deal. It’s just that they don’t like it when you talk shit about Syria and Forbes.com paid a heavy price for doing so.
As well as adding Forbes.com to their high-profile “hacked” list along with the @ForbesTech account, the hackers have also successfully gained control of the account belonging to social media editor Alex Knapp (@TheAlexKnapp) and personal finance report Samantha Sharf (@Samsharf).
In an email to IBTimes UK, a spokesperson for the Syrian Electronic Army confirmed the attack with the following when asked why they had hacked Forbes.com:
Many articles against the SEA were posted on Forbes, also their hate for Syria is very clear and flagrant in their articles.
They said they were able to hack an administrator account of Forbes.com adding “it’s not hard to login since they are using WordPress.”
The organization said in a tweet that more than 1 million user e-mails and passwords were successfully stolen and will be published at some point:
— SyrianElectronicArmy (@Official_SEA16) February 14, 2014
Notable hacks and attacks made by Syrian Electronic Army:
- July 2011: University of California Los Angeles website defaced by SEA hacker “The Pro”.
- September 2011: Harvard University website defaced in what was called the work of a “sophisticated group or individual”. The Harvard homepage was replaced with an image of Syrian president Bashar al-Assad, with a message saying “Syrian Electronic Army Were Here”.
- April 2012: The Syrian Electronic Army took down the official blog of social media website LinkedIn. The page was redirected instead to a site supporting Bashar al-Assad.
- August 2012: The Twitter account of the Reuters news agency was hacked by the SEA. 22 tweets were sent with false information on the conflict in Syria. In addition, the Reuters news website was compromised, and a false report was posted about to a Reuters journalist’s blog.
- 23 April 2013: The SEA hijacked the Associated Press Twitter account and falsely claimed the White House had been bombed and President Barack Obama injured.
- May 2013: The Twitter account of The Onion was compromised by the SEA, by phishing Google Apps accounts of The Onion’s employees.
- May 2013: The ITV news London Twitter account was hacked on the 24th May 2013 by the SEA. The Android applications of British Broadcaster Sky News were also hacked on 26 May 2013 on Google Play Store.
- 17 July 2013, Truecaller servers were allegedly hacked into by the Syrian Electronic Army. The group claimed on its twitter handle to have recovered 459 GiBs of database, primarily due to an older version of WordPress installed on the servers. The hackers also released TrueCaller’s alleged database host ID, username, and password via another tweet.On 18 July 2013,Truecaller issued a statement on its blog stating that their servers were indeed hacked, but claiming that the attack did not disclose any passwords or credit card information.
- 23 July 2013: Viber servers were allegedly hacked into by SEA as well. The Viber support website was replaced with a message and a supposed screenshot of data that was obtained during the intrusion.
- 15 August 2013: Advertising service Outbrain was hacked by the SEA via a spearphishing attack. This allowed them to place redirects into the websites of The Washington Post, Time, and CNN.
- 27 August 2013: NYTimes.com has its DNS redirected to a page that displays the message “Hacked by SEA” and Twitter’s domain registrar was changed.
- 28 August 2013: Twitter had its DNS registration hacked to show the SEA as its Admin and Tech contacts, and some users reported that the site’s CSS had been compromised
- 29–30 August 2013: The New York Times, Huffington Post, and Twitter were knocked down by the SEA. A person, who is claiming to speak for the group, has stepped forward to tie these attacks to the increasing likelihood of U.S Military action in response to al-Assad using chemical weapons. A self-described operative of the SEA told ABC News in an e-mail exchange: “When we hacked media we do not destroy the site but only publish on it if possible, or publish an article [that] contains the truth of what is happening in Syria…So if the USA launch attack on Syria we may use methods of causing harm, both for the U.S. economy or other.”
- 2–3 September 2013, Pro-Syria hackers broke into the internet recruiting site for the US Marine Corps, posting a message that urged US soldiers to refuse orders if Washington decides to launch a strike against the Syrian government. The site, www.marines.com, was paralyzed for several hours Monday and redirected to a seven-sentence message “delivered by SEA” — short for the Syrian Electronic Army.
- 30 September 2013: SEA hacked the website of U.S. news company the Global Post, targeting their official twitter account and website (globalpost.com). SEA officially announced the hack through their twitter account, reading : “Think twice before you publish untrusted informations about Syrian Electronic Army” and “This time we hacked your website and your Twitter account, the next time you will start searching for new job”
- 28 October 2013: By gaining access to the Gmail account of an Organizing for Action staffer, the SEA altered shortened URLs on President Obama’s Facebook and Twitter accounts to point to a 24-minute propaganda video on YouTube.
- 9 November 2013: SEA hacked the website of VICE, which is a no affiliate news/documentary/blog website which has filmed numerous times in Syria with the side of the Rebel forces. When logging into vice.com you are redirected to what appears to be the homepage of the SEA.
- 12 November 2013: SEA hacked the Facebook page of Matthew Van Dyke, a Libyan Civil War veteran and pro-rebel news reporter.
- 1 January 2014: SEA hacked the official Facebook and Twitter pages for Skype as well as the official website’s blog, they posted a picture to do with the SEA as well as another post telling users to not use Microsoft’s e-mail service Outlook—formerly known as Hotmail—claiming that Microsoft sells user information to the government.
- 11 January 2014: SEA hacked the @XboxSupport Twitter pages and directed tweets to the groups website.
- 22 January 2014: SEA continued hacks on Microsoft. Hacking the official Microsoft Office Blog. They posted several images and tweeted about the attack.
- 23 January 2014: SEA hacked CNN’s official Twitter account and posted two messages, including photo of Syrian Flag composed of binary code. The Tweets were removed by CNN within 10 minutes.
- 03 February 2014: SEA hacked the websites of eBay and Paypal UK. One source says the hackers said it was just for show and that they took no data.
- 06 February 2014: SEA hacked the DNS of Facebook. Sources say the registrant contact details were restored and Facebook confirmed that no traffic to the website was hijacked, and that no users of the social network were affected.