Pierluigi Paganini February 02, 2014

Ebay and PayPal hacked by Syrian Electronic Army, “For denying Syrian citizens the ability to purchase online products” said SEA.

The group of hackers Syrian Electronic Army (SEA) has monopolized the attention of the media, the hacking team has practically hit every possible target within government organizations, big enterprises and media agencies. The list of victims is very crowded, last in order of time were CNN and Microsoft. Today hackers of Syrian Electronic Army hacked PayPal and Ebay, the group modified the DNS records of ebay.co.uk and paypal.co.uk defacing their websites. SEA was able to hack into The Domain Registry of Paypal and Ebay which is Managed by Mark Monitor.

The hackers have condemned the decision of the PayPal company to discriminate Syrian citizens:

“For denying Syrian citizens the ability to purchase online products, Paypal was hacked by SEA” “If your Paypal account is down for a few minutes, think about Syrians who were denied online payments for more than 3 years. #SEA” are the message send, as usual, via the Official Twitter account of the group.

The attack hasn’t caused any data breach, the hackers haven’t targeted specific PayPal profiles, but they limited their offensive to a demonstrative act to protest against the PayPal company.

The screenshot posted in the tweet revealed that the hackers accessed the Admin panel to edit the DNS information of the targeted websites.

According first information available on the attack, the Syrian Electronic Army has compromised the Mark Monitor account of Ebay and hacked the email account belonging to Paul Whitted, Sr. Manager, Site Engineering Center at eBay and posted screenshot of the internal communications.

It is still not clear how the Syrian Electronic Army hacked the account, at the time of writing this post both websites were restored to normal.

Pierluigi Paganini

(Security Affairs –  Ebay, PayPal, Syrian Electronic Army)