The Syrian Electronic Army (SEA) who have been quite the past few months have once again begun their reign, over Thanksgiving weekend the hackers took over several high-profile sites, leaving a message to be seen.
Starting Thursday, the Syrian hackers started their reign, hacking hundreds of extremely high-trafficked sites, leaving a popup message reading: “You’ve been hacked by the Syrian Electronic Army (SEA).” The pro-Assad group is no stranger to hijacking high-profile domains, the team has attacked sites like Facebook, Forbes, eBay and PayPal, the United States government among countless others.
Hundreds of sites were affected in the Syrian Electronic Army’s hack, The Independent was one of the few sites to acknowledge the attack, noting their users were safe and not in fact not hacked:
— The Independent (@Independent) November 27, 2014
Another massive site also affected was The Telegraph, the site noted they had suffered an attack but blamed it on a third-party service:
A part of our website run by a third-party was compromised earlier today. We’ve removed the component. No Telegraph user data was affected.
— The Telegraph (@Telegraph) November 27, 2014
Reports state The Independent was hacked through Gigya, the embedded comment system shown throughout the site. While Gigya itself was not comprised, the hackers hijacked the DNS pointing it to images hosted on other servers.
Viewing the code injected into sites, it appears the Syrian Electronic Army hijacked Gigya’s subdomain, cdn.gigya.com, injected the code along with an image to appear on the sites. Seeing as Gigya was directly affected and their DNS was hijacked, hackers could have gained access to the Gigya customer database.
The team also posted an image on Twitter of the groups hack inside Gigya’s GoDaddy account, allowing them full access over the domain, nameservers and possibly more.
The number of sites affected can not be confirmed due to the large range of attacks, a list forming on social media claims the following sites were hit by the Syrian Electronic Army:
ABS-CBN, Alijazzera American, Aljiazzera English, Apple Daily (Hong Kong), Arsenal News, ASP, World Tour, Beatport, Betty Crocker, Boston.com, Business Day TV, Cision, Buzzfeed (UK), CBC News (Canada), Chelsea FC (UK), Chicago Tribune, CIO Online, Clarin (Argentina), CNBC, CNN Mexico, CNN Money, Colorlines, Creative Blog, CVG, Daily Express (UK), Daily Star (UK), Dallas Morning News, Dell Computer Systems, Direct TV, Encyclopedia Britannica , Evening Standard (UK), Femme Actuelle (France), Ferrari, Forbes, Fox Soccer, Gigya, Gizmodo (Japan), Goal.com, Gold Channel, Hartford Courant, HitFlix, Intel, La Repubblica (Italy), La Tercera (Chile), Lillt Pulitzer, Logitech, Los Angeles Times, Marmiton, Michale Kors, Microsoft, Milenio (Mexico), MLG, National Geographic NBC, New York Faily News, Next Media (Asia), NHL, Nine News Australia, Office Depot, Ok Magazine, PC World, Public Radio International, Rappler, RDS, Real Simple Magazine, Red Bull, Red Eye Chicago, Snapfish, Stuff, STV News, Swagbucks, The Baltimore Sun, The Guardian, The Independent, The Star, The100, The Telegraph, TimeOut London, TimeOut New York, Toronto Star, Unicef, Venturebeat, Verizion Wireless, Walmart (Canada), and William Hill Betting.
The the massive list of 82 sites continues to grow, yet the validity can not be individually confirmed.
Syrian Hackers told news reports the hack was not to harm users or damage companies systems, it was simply a message.