A video has surfaced this week showing an alleged interview with the commander of the Syrian based hacker group “Syrian Electronic Army” (SEA). In the video the speaker claims that the SEA hacker group can hack any website that posts false information about Syria within just a few hours.
The SEA has gained notoriety by hacking several western news company websites and social media outlets. One of their favorite tactics to gain access seems to be via social engineering. From reports, the group sends very believable e-mails containing booby trapped links.
Though most of the attacks seem to be more nuisance type attacks, the SEA did successfully defaced a US Marine Corps recruiting site last month. I doubt they are on the top list of targets for retaliation by US Cyber Command, as our forces are more concerned with attacking military and infrastructure type targets. But messing with the Marines probably isn’t the wisest thing to do.
What I am curious of though is if the US would ever escalate to kinetic attacks on hacker group leaders. Earlier this month one of Iran’s cyber commanders was executed, presumably by Israeli forces.
Time will tell I guess…
Visitors to several Israeli websites were greeted with the above message. Numerous big named websites were all supposedly hacked and defaced by a group calling themselves L33t Pakistani H4x0rZ.
About half an hour ago the hacker group anonymous released this message:
And sure enough, if you visited any of these sites, you were greeted with the defaced message from the Pakistani hackers. But were all these websites actually defaced?
A quick ping test tells a different story. All of the IP addresses point to the same address!
As you can see in the screenshot above (taken earlier today) all the websites pointed to the same internet address, or IP address.
It would seem that the hackers were able to infiltrate and modify a DNS server, pointing all of these websites to a single website displaying the Pakistani hacker message. This is actually a scarier attack than just simply defacing a single webpage, as from the browser stand point you would not be able to tell that you are at the wrong website.
But one has to wonder how legit some of the addresses are. Looking at Alexa.com, some of these addresses get very little traffic. And using the internet archive “wayback” machine it looks like some of these haven’t been used (or archived) in years. It appears there may be a bit of “Cyber Trickery” going on here.
Also, some counterhacking might be going on as a few minutes ago surfing to the BBC.org.il website revealed a different message. Just a blank white page with the words, “Pakistans Suck!”
Hacking and counterhacking, when will it end?
* Updated 1pm EST – Added graphic of ping responses from earlier today. It would appear these have been all changed now.