Syrian Electronic Army Hacks Skype – Allegedly

Reports have emerged this morning about a short-lived hack of Skype's Twitter and WordPress accounts by the Syrian Electronic Army
Reports have emerged this morning about a short-lived hack of Skype's Twitter and WordPress accounts by the Syrian Electronic Army

A brief note in the New York Times, 24 December 2013, noted that the FBI had sent out a warning about Syrian Electronic Army (SEA) phishing activity. It proved prescient. In the early hours of this morning, SEA tweeted, "Don't use Microsoft emails(hotmail,outlook), They are monitoring your accounts and selling the data to the governments." The tweet contained a link to a Skype blog page. The link currently reverts to the Skype home page. 

According to a report in E Hacking News, an official Skype tweet simultaneously gave the same message, and it was also repeated on the Skype blog. A screenshot of the Skype WordPress Dashboard appears to demonstrate SEA had gained access to the Skype blog, and E Hacking News comments, "It appears the hackers have hijacked the account of "Shana pearlman" who is Content Marketing Manager at Skype."

Screenshots are easily forged. If SEA really did gain access to the Skype blog and Twitter account, Skype very quickly regained control and removed any evidence. So fast, in fact, that there were quick accusations of 'fake.' 'CONSTERNATiON,' host of the Tinfoil Radio Network, tweeted, "fake. they never had access to the physical account. it was tweeted using the sprinklr API," and added later, "bbc said that skype stated they were hacked. i still don't buy it was a hack. so misinformation everywhere."

What the BBC actually said was, "Skype acknowledged that it had been hacked but said that 'no user information was compromised.'" This would appear to reference a Skype tweet: "You may have noticed our social media properties were targeted today. No user info was compromised. We’re sorry for the inconvenience." This implies, but does not state, that it had been hacked – merely confirming it had been targeted.

One of the main reasons for the doubt and confusion is that this 'hack' marks a change from SEA's usual tactics. This, if genuine, is a protest against NSA surveillance and alleged Microsoft complicity in that surveillance. Traditionally, SEA has sought to promote a pro-Syrian government message as a protest against Western involvement in the Syrian civil war. Infosecurity has asked SEA for a comment on this, but has as yet received no reply. Any comment received will be appended at the end of this article.

In the meantime, the balance of evidence would suggest that SEA did indeed briefly gain access to the Skype blog, and quite possibly its Twitter account. Security expert Graham Cluley suggests that Skype may have been guilty of reusing the same password, allowing SEA to access both accounts from one successful phish: "In all likelihood, the publicity-seeking Syrian Electronic Army managed to trick Skype’s social media team into handing over a password via a targeted phishing attack, unlocking both access to the service’s blog and Twitter account."

Either way, however, the 'hack' was short-lived and has caused little damage beyond embarrassment.

The Syrian Electronic Army sent this statement to Infosecurity:

We can confirm that attack was done by us. and we gained access to important documents about monitoring accounts/emails by Microsoft. 

It's still about Syria. And we will detail that soon.

What’s hot on Infosecurity Magazine?