Over the weekend, members of the now-infamous pro-Assad hacking group; the Syrian Electronic Army, were caught hijacking and defacing the front pages of several very popular websites — including eBay and the UK version of PayPal.
Evidence of the attack first popped up on Twitter, the preferred platform for the organization, who announced they had successfully penetrated the email systems and internal services of both sites. We’d like to show you what they wrote upon first telling the world they had breached another major technology company, but unfortunately Twitter has since banned the account that was being used as a platform for the hackers to tell the world what they’d accomplished.
Below we can see what appears to be an internal email lifted from the networks of PayPal by one of the rebel group’s technicians, discussing the compromised accounts and relaying information to engineers that their security wasn’t as up to par as it should have been.
One of the most likely reasons that SEA had PayPal UK in their sights relates back to a donation page, supported by the payment services company, that operates to provide funding and relief to refugees of the ongoing Syrian conflict.
The hackers themselves also set out to inform PayPal customers that no financial information or money was stolen from their accounts, and that the move was purely one of political demonstration and nothing more.
“Rest assured, this was purely a hacktivist operation, no user accounts or data were touched. For denying Syrian citizens the ability to purchase online products, Paypal was hacked by the #SEA.”
Syria currently ranks fairly high on the “blacklist of omission”, which is a specific group of countries that are not allowed to utilize the services of PayPal or Ebay, such as Afghanistan, Haiti, Pakistan, Libya, Cuba, or Sudan.