Syrian Electronic Army raids eBay, PayPal UK
3rd Feb 2014 | 16:00
Redirects users, doesn't steal data
The hacktivist group Syrian Electronic Army (SEA) has struck again, this time targeting eBay and PayPal UK.
The group breached a number of sites belonging to the two online merchants, defacing them by posting its tagline "hacked by the Syrian Electronic Army" to anything it could find. After posting evidence of the attacks online, Twitter suspended the SEA's account.
In a tweet directed at people using eBay and PayPal, the SEA posted (prior to suspension): "Rest assured, this was purely a hacktivist operation, no user accounts or data were touched … think about the Syrians denied online payments for more than three years".
Posts on the eBay UK community page expressed confusion as people who attempted to purchase items received the SEA's tagline in response. The downtime lasted up to an hour. Ever the showmen, SEA posted screenshots of internal communications between PayPal staff warning each other of the attack, which, the email read, was stemming from a "compromised laptop".
"We were not hacked. For under 60 minutes, a very small subset of people visiting a few marketing web pages of PayPal France, UK and India websites were being redirected," Anuh Nayar, PayPal's senior director of global initiatives, told security blogger Graham Cluley. "The situation was swiftly resolved and PayPal's service was not affected."
The Syrian Electronic Army has been busy in 2014, attacking Microsoft's social media profiles and Twitter accounts, infiltrating its Office Blogs page and compromising employee accounts. It has also targeted news outlets in its goal to spread awareness of the conflict in Syria.