This article was published on February 6, 2014

Uh oh. The Syrian Electronic Army is meddling with Facebook’s domain [Updated]


Uh oh. The Syrian Electronic Army is meddling with Facebook’s domain [Updated]

The Syrian Electronic Army hacking group is notorious for causing all sorts of trouble for some of the biggest destinations on the Web, and this time around, they’ve gone after Facebook.

Update: Facebook’s WHOIS info has been restored back to normal.

The group has just claimed on Twitter to have gained possession of Facebook.com.

A quick check of the domain’s WHOIS data showed that the admin’s contact data has indeed been changed to a Syrian email address.

While Facebook appears to be working as usual for now, the SEA boasted that it had changed the name servers to hijack the site, but it was “taking too much time.” As the SEA noted in its original tweet, the apparent attack on Facebook comes at an inopportune time, as the company just celebrated its 10th anniversary.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

The attack looks to have come through the MarkMonitor domain management service. Facebook’s WHOIS info does list MarkMonitor as the domain registrar. According to the SEA, MarkMonitor closed down its portal in response to the alleged hack. On its website, MarkMonitor says it offers a “hardened” portal and premium security solutions to protect brands’ domains.

A tweet from the SEA included a screenshot that, if genuine, would seem to show MarkMonitor’s portal interface.

We’ve reached out to Facebook for comment. When contacted by The Next Web, MarkMonitor declined to comment, citing a company policy of neither confirming nor denying whether companies use its services.

To be clear, there’s no evidence that Facebook itself has been compromised. Despite SEA’s claims to have rerouted the company’s nameservers, Facebook traffic seems to be operating as usual. While the SEA’s purported screenshots point to an intrusion on MarkMonitor’s end, we’ll have to wait for the registrar to issue an official statement on what went down.

Last August, the SEA launched a similar attack on domains from Twitter, The New York Times and The Huffington Post by compromising Melbourne IT, the companies’ domain registrar.

This is a developing story. Please refresh for updates.

Thumbnail credit: Ed Jones/AFP/Getty Images

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with