Hacker News new | comments | show | ask | jobs | submit login
Syrian Electronic Army hijacks Microsoft blog and Twitter account (theverge.com)
19 points by kbambz 1288 days ago | hide | past | web | 16 comments | favorite

The Syrians mention Microsoft is "selling the data to the governments". Are they referring to MS reportedly selling zero day exploits, before they are patched? http://www.techdirt.com/articles/20130614/02110223467/micros...

They have a long history of doing these kind of things. My question is, how do these blog/twitter hackings really help them? I doubt people are gonna stop using Microsoft email. Maybe they're just trying to publicize, but I feel like these antics are getting a bit old and losing their efficacy.

SEA claims that defacing Microsoft's blog/Twitter is just a distraction. A possible goal could be to leak a huge volume of internal email? They already captured and released one exchange.

This type of "hacking" is extremely lame. For some reason when I see any kind of defacing like this one I'm filled with rage.

The email refers to a hole having to do with bitly. Anyone have more info?

are these just mercenaries or are they all syrian? how do they 'hack', what type of coding skills do they have that can do this? brute force? genius algos?

AFAIK, they're just Syria's nationalist version of Anonymous, but not necessarily all based in Syria. http://en.wikipedia.org/wiki/Syrian_Electronic_Army

Web application cracking really isn't all that difficult in our current age, especially with sufficient dedication and manpower, as the SEA certainly has.

There's simply so many vectors to get in. Every layer of technology you add is a potential layer of vulnerability. The state of security is appalling and people have been repeating this for so many years, but few other people listen (or they simply pretend to listen and convincingly appear as if they've taken precautions).

I doubt most of them have any particularly good coding skills. Large-scale Middle Eastern hackers and website defacers are primarily script kiddies. It's just that they have a lot of willpower and time to run vast automated attacks.

Actually a lot of high-profile attacks like this don't even involve exploiting the actual web application. Rather, they hijack nameservers, socially engineer domain registrars or find some external avenue or service to get in by enumerating open ports, seeing what's juicy and searching for exploits. They also phish a lot.

Information security is a very complex and intriguing field, but when it comes to merely cracking web applications from a purely practical point of view, it's relatively easy and especially so now that any wannabe hacker can just burn Kali Linux on a CD and read some tutorials on using tools.

Usually these are kiddos with misguided sense of patriotism doing what they do (defacing websites).

Media loves to blow this out of proportion, because "cyberterrorism" and "cyberwarfare" just looks so damn cool in print. In reality though, you can count gainful attacks, the kind which would make sense to be conducted by governments, on fingers of one hand.

You are just speculating, adds nothing to the discussion. If there is one country with a "misguided sense of patriotism" it would be the US. Spying on the entire world? Selling out every possible exploits to the governments? Implementing backdoors? This is just the tip of the iceberg and its citizens of the US who are carrying them out. Just the media using the terms "cyberterrorism" and "cyberwarfare" as you said, are just another trick to exploit the patriotism in the US, patriotism only benefits the government and not the people.

I see my post disturbed you enough to register here and comment, but I have no fainest idea what you actually object to.

That defacing websites is a misguided patriotism? Well yes, it does not contribute to your case in any measurable way. It's not like bringing down a blog means a jack in real world.

As to your token US-bashing, I'm not a U.S. citizen so your outrage is misplaced.

Kiddos with misguided sense of patriotism?; get in their shoes for a second... imagine that most gobernments and international media in the world suddendly supports the taliban to take over our country.

I have no problems with that, you can't take over a country with newspaper clippings.

The situation with Syria is not as clear cut though. If Assad just went away instead of massacring his own people on (then peaceful) protests, there wouldn't be anywhere as much influence of radicals among people today. He obviously prioritized his well-being over Syria's long-term stability, and this is the consequence.

I work for a major Arabic news channel and we had to deal with many incidents/attacks from the SEA. the amount of DDOS we had was really massive even the network firewall couldn't handle it.

Most ips were located in Russia, Ukraine, USA and a few other Arab countries. I highly suspect they are a small group of amateurs, right now we have moved to AWS with Dos-Arrest in front which seems to work well.

I believe they mostly send phishing emails.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact