Hacktivists deface eBay and PayPal websites

The Syrian Electronic Army (SEA) is claiming responsibility for a DNS hack on the UK websites of eBay and PayPal over the weekend.


Visitors to both websites were redirected to defaced pages showing offensive messages overlaying the Syrian flag in binary code.

Specifically, the attackers changed entries in the Domain Name System (DNS), the online look-up table that translates the PayPal.co.uk domain name into the IP address computers use to route surfing requests.

Servers and customer records were reportedly unaffected, and the service returned to normal over the weekend.

The SEA, which says that it carried out the attack, said the hijack was motivated by eBay's stance on doing business through PayPal with users in Syria.

“For denying Syrian citizens the ability to purchase online products, PayPal was hacked by SEA,” wrote the pro-Assad hacktivists on the Official_SEA16 Twitter account.

PayPal, meanwhile, played down the incident in a statement:

“We were not hacked. For under 60 minutes, a very small subset of people visiting a few marketing web pages of PayPal France, UK and India websites were being redirected,” said PayPal senior director of global initiatives Anuj Nayar.

“There was no access to any consumer data whatsoever and no accounts were ever in any danger of being compromised. The situation was swiftly resolved and PayPal's service was not affected.”

Veteran security researcher Graham Cluley said that the companies can count themselves fortunate that no customer data was stolen.

“As with other hacks conducted by the group, there is no suggestion that customers' information was exposed – or even that any servers belonging to PayPal, or its owners eBay, were compromised,” he said on his blog.

“Instead, it sounds more likely that the pro-Assad hacking gang managed to redirect visitors to the sites to a third-party website under their control, perhaps by hijacking eBay and PayPal's .co.uk DNS entries.

“Of course, anyone who visited the websites during this episode should breathe a sigh of relief that the apparent hijacking was not done by someone more malicious with the intention of spreading, say, a drive-by malware download.”

Jarno Limnell, director of cyber security at Stonesoft, a McAfee Group Company, told SCMagazineUK.com that politically-motivated attacks like these will continue to rise.

“Cyberspace is increasingly being seen as an essential aspect of modern conflict,” he said. “Large organisations, particularly financial ones, are perfect high-profile targets for hackers, such as the SEA, to garner attention and amplify their cause. In the near-future, as attacks become more frequent, ideological groups are most likely to begin diversifying their targets.

“Likely these will be key infrastructure projects, such as power grids or water treatment plants that form the foundation of society,” concludes Limnell.
