The commotion was caused by the appearance of the Syrian Electronic Army’s logo on the Sky Apps page combined with a warning on the @SkyHelpTeam Twitter account: “We are aware that the Android apps of Sky+,Sky News were hacked and replaced... please remove the apps if you are already installed it.” The obvious assumption is clear: Sky’s apps have been hacked.
Graham Cluley was quick to issue a note of caution. “I’m not saying that a hack didn’t occur,” he quickly blogged, “but I would urge people to be a little cautious (considering the SEA’s habit of hacking the Twitter accounts of media organisations) about trusting the messages sent out via @SkyHelpTeam.” Two things concerned him. Firstly, the warning tweet was posted via the standard Twitter web interface when @SkyHelpTeam usually posts via the Lithium Social Web. And secondly – the grammar.
Idiomatic inconsistencies and just plain bad grammar are a major indicator of spam, scams and hacking attempts: “please remove the apps if you already installed it” is not what one might expect from Sky. Furthermore, adds Cluley, “It seems strange that Sky’s support team would tweet a warning to users about their apps, but provide no link to where further information will be provided.”
Time seems to have proven him right. Many of the original news headlines have now been changed to ‘Sky Apps account or page compromised.’ It seems to have been a two-pronged attack by the Syrian Electronic Army: hacking the account page and adding the SEA logo (and sending screenshots to journalists); and simultaneously hacking the @SkyHelpTeam Twitter account and issuing a false statement. But not the apps themselves.
A formal statement from Sky has now been posted on the Sky Help Forum. Although the company removed its apps from the Google Play store, it added, “All Sky Apps were unaffected and any Sky Android apps previously downloaded by customers are safe to use. There is no need to remove them from your android device.”