SEA – Syrian Electronic Army defaced the US Army website

The hackers of the SEA, the Syrian Electronic Army, defaced the US Army website exploiting an Army’s commercial content delivery network provider.

After a short period of silence, the group SEA and defaced the official website of the US Army and added a pop-up message displaying the following text:

“Your commanders admit they are training the people they have sent you to die fighting.”

The hackers of the Syrian Electronic Army (SEA) gained access to the web page through the Limelight Networks content delivery network as reported by an image shared by the group through its Twitter account.

Limelight has immediately started the necessary investigation as told to Ars by a spokesperson for the company.

“We take security concerns extremely seriously and, in an abundance of caution, we are conducting a full investigation. At this point we have no reason to believe any customer data has been compromised.”

At the time of publication, the US Army homepage has been restored, but another website belonging to the US Army appears down, it is the “stratcom.mil” domain of the US Strategic Command, but the two events appear not correlated.

For newbies, the SEA is considered one of the most advanced hacking group, it claims to support the government of Syrian President Bashar al-Assad and started its hacking campaign in 2011 in the wake of anti-Assad uprisings in the state.

The list of the SEA victims is very long, it includes media outlets (Forbes, the Independent, the NYT, the Telegraph, and the al-Jazeera), IT giants (Microsoft, Ebay and PayPal, and Twitter) and Government offices (President Obama website, US CENTCOM).

The group, which claims to support the government of Syrian President Bashar al-Assad, rose to prominence in 2011 in the wake of anti-Assad uprisings in the state.

In March, the Syrian Electronic Army hacked BlueHost, Hostgator, Justhost, FastDomain and HostMonstor companies because they hosted websites managed by the ISIS terrorists.

Stay Tuned!

Pierluigi Paganini

(Security Affairs – Syrian Electronic Army – SEA, hacking)

UPDATE June 09 2015

The SEA has released an official statement related to the attack

“The Syrian Electronic Army statement about the US Army website attack:

On Monday evening at 8:05PM, the Syrian Electronic Army hacked the official website of the US Army.
The hack was performerd after targeting the CDN service used by US Army website.
The SEA was able to intercept the content paths after discovering an exploit in the Contron Panel that provide the ability to edit the protected content paths.
The SEA posted on the hacked website several messages calling the US military to stop training terrorists in Turkey and Jordan.
There are sources confirmed to us, that there are voices within the US military rejects this training and considers it a big mistake.
The SEA qualify the data obtained from this attacks and other old-attacks, to be published later if that was necessary.

The hacked website: http://www.army.mil/

Archive link: https://archive.is/xVOn6“

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.