The hackers of the SEA, the Syrian Electronic Army, defaced the US Army website exploiting an Army’s commercial content delivery network provider.

After a short period of silence, the group SEA and defaced the official website of the US Army and added a pop-up message displaying the following text:

“Your commanders admit they are training the people they have sent you to die fighting.”

The hackers of the Syrian Electronic Army (SEA) gained access to the web page through the Limelight Networks content delivery network as reported by an image shared by the group through its Twitter account.

 

Limelight has immediately started the necessary investigation as told to Ars by a spokesperson for the company.

“We take security concerns extremely seriously and, in an abundance of caution, we are conducting a full investigation.  At this point we have no reason to believe any customer data has been compromised.”

At the time of publication, the US Army homepage has been restored, but another website belonging to the US Army appears down, it is the “stratcom.mil” domain of the US Strategic Command, but the two events appear not correlated.

For newbies, the SEA is considered one of the most advanced hacking group, it claims to support the government of Syrian President Bashar al-Assad and started its hacking campaign in 2011 in the wake of anti-Assad uprisings in the state.

The list of the SEA victims is very long, it includes media outlets (Forbes, the Independent, the NYT, the Telegraph, and the al-Jazeera), IT giants (Microsoft, Ebay and PayPal, and Twitter) and Government offices (President Obama website, US CENTCOM). 

The group, which claims to support the government of Syrian President Bashar al-Assad, rose to prominence in 2011 in the wake of anti-Assad uprisings in the state.

In March, the Syrian Electronic Army hacked BlueHost, Hostgator, Justhost, FastDomain and HostMonstor companies because they hosted websites managed by the ISIS terrorists.

Stay Tuned!

Pierluigi Paganini

(Security Affairs –  Syrian Electronic Army – SEA,  hacking)

UPDATE June 09 2015

The SEA has released an official statement related to the attack

“The Syrian Electronic Army statement about the US Army website attack:

On Monday evening at 8:05PM, the Syrian Electronic Army hacked the official website of the US Army.
The hack was performerd after targeting the CDN service used by US Army website.
The SEA was able to intercept the content paths after discovering an exploit in the Contron Panel that provide the ability to edit the protected content paths.
The SEA posted on the hacked website several messages calling the US military to stop training terrorists in Turkey and Jordan.
There are sources confirmed to us, that there are voices within the US military rejects this training and considers it a big mistake.
The SEA qualify the data obtained from this attacks and other old-attacks, to be published later if that was necessary.

The hacked website: http://www.army.mil/

Archive link: https://archive.is/xVOn6“