Josh Ong is the US Editor at The Next Web. He previously worked as TNW's China Editor and LA Reporter. Follow him on Twitter or email him a Josh Ong is the US Editor at The Next Web. He previously worked as TNW's China Editor and LA Reporter. Follow him on Twitter or email him at [email protected].
The Syrian Electronic Army hacking group is notorious for causing all sorts of trouble for some of the biggest destinations on the Web, and this time around, they’ve gone after Facebook.
Update: Facebook’s WHOIS info has been restored back to normal.
The group has just claimed on Twitter to have gained possession of Facebook.com.
Happy Birthday Mark! http://t.co/yWBwvXPGRZ owned by #SEA http://t.co/gk8nGxATLt pic.twitter.com/eAeGp1TvBF
— SyrianElectronicArmy (@Official_SEA16) February 5, 2014
A quick check of the domain’s WHOIS data showed that the admin’s contact data has indeed been changed to a Syrian email address.
While Facebook appears to be working as usual for now, the SEA boasted that it had changed the name servers to hijack the site, but it was “taking too much time.” As the SEA noted in its original tweet, the apparent attack on Facebook comes at an inopportune time, as the company just celebrated its 10th anniversary.
The attack looks to have come through the MarkMonitor domain management service. Facebook’s WHOIS info does list MarkMonitor as the domain registrar. According to the SEA, MarkMonitor closed down its portal in response to the alleged hack. On its website, MarkMonitor says it offers a “hardened” portal and premium security solutions to protect brands’ domains.
A tweet from the SEA included a screenshot that, if genuine, would seem to show MarkMonitor’s portal interface.
MarkMonitor Administration Panel. #SEA pic.twitter.com/7zDbUxHbYJ
— SyrianElectronicArmy (@Official_SEA16) February 6, 2014
We’ve reached out to Facebook for comment. When contacted by The Next Web, MarkMonitor declined to comment, citing a company policy of neither confirming nor denying whether companies use its services.
To be clear, there’s no evidence that Facebook itself has been compromised. Despite SEA’s claims to have rerouted the company’s nameservers, Facebook traffic seems to be operating as usual. While the SEA’s purported screenshots point to an intrusion on MarkMonitor’s end, we’ll have to wait for the registrar to issue an official statement on what went down.
Last August, the SEA launched a similar attack on domains from Twitter, The New York Times and The Huffington Post by compromising Melbourne IT, the companies’ domain registrar.
This is a developing story. Please refresh for updates.
Thumbnail credit: Ed Jones/AFP/Getty Images
Get the TNW newsletter
Get the most important tech news in your inbox each week.