The Syrian Electronic Army hacking group is notorious for causing all sorts of trouble for some of the biggest destinations on the Web, and this time around, they’ve gone after Facebook.
Update: Facebook’s WHOIS info has been restored to normal.
The group has just claimed on Twitter to have gained possession of Facebook.com.
— SyrianElectronicArmy (@Official_SEA16) February 5, 2014
A quick check of the domain’s WHOIS data showed that the admin’s contact data has indeed been changed to a Syrian email address.
While Facebook appears to be working as usual for now, the SEA boasted that it had changed the name servers to hijack the site, but it was “taking too much time.” As the SEA noted in its original tweet, the apparent attack on Facebook comes at an inopportune time, as the company just celebrated its 10th anniversary.
The attack looks to have come through the MarkMonitor domain management service. Facebook’s WHOIS info does list MarkMonitor as the domain registrar. According to the SEA, MarkMonitor closed down its portal in response to the alleged hack. On its website, MarkMonitor says it offers a “hardened” portal and premium security solutions to protect brands’ domains.
A tweet from the SEA included a screenshot that, if genuine, would seem to show MarkMonitor’s portal interface.
— SyrianElectronicArmy (@Official_SEA16) February 6, 2014
We’ve reached out to Facebook for comment. When contacted by The Next Web, MarkMonitor declined to comment, citing a company policy of neither confirming nor denying whether companies use its services.
To be clear, there’s no evidence that Facebook itself has been compromised. Despite SEA’s claims to have rerouted the company’s nameservers, Facebook traffic seems to be operating as usual. While the SEA’s purported screenshots point to an intrusion on MarkMonitor’s end, we’ll have to wait for the registrar to issue an official statement on what went down.