Pro-Assad hackers hijack Skype’s blog, Twitter feed, and Facebook

The Syrian Electronic Army (SEA) have started 2014 off by following their usual motive of spreading propaganda. However, this time the propaganda has nothing to do with the Syrian Civil War, or it’s President, Bashar Hafez al-Assad.

Instead, the message is centered on corporate privacy violations, as alleged by the NSA documents leaked by former contractor, Edward Snowden last summer. The leaked documents allege that many of the Web’s largest firms, including Microsoft (Skype’s parent company), have shared personal data and encrypted messages with the government.

Microsoft has denied these claims, going so far as to call the NSA’s surveillance programs advanced persistent threats (APTs), but legal restrictions have prevented Microsoft from actually disclosing what kinds of data is shared, and how much.

On Wednesday, the SEA hijacked Skype’s primary Twitter feed, as well as an associated Skype developer account on the micro-blogging service, the company blog, and the VoIP giant’s Facebook page in order to spread a single message:

“Don’t use Microsoft emails (hotmail, outlook). They are monitoring your accounts and selling the data to the governments… “

The main Skype Twitter account, as well as the Facebook page reverted to previous forms. However, it would appear that the SEA is still in control. Despite the offending propaganda being removed, the same message appeared on Skype’s main Twitter feed hours later.

As of 5:00 p.m. EST on January 1, the Twitter feed remained compromised, and the Skype blog was taken offline.

It isn’t clear how the SEA gained the access they did. In the past, they’ve compromised usernames and passwords via Phishing. Twitter issued a warning about Phishing to media companies and social brands last summer, when the SEA was at its most active.

In 2013, the SEA targeted the Associated Press, Reuters, the New York Post, CBS News, and the Guardian, as well as Outbrain.com a company that delivers recommended content links to the bottom of articles published by more than 400 websites including CNN, Time, Fox News, Slate, and Mashable.

Messages to Microsoft’s Rapid Response PR address were not returned by the time this story went to print.

Update:

Microsoft still hasn’t responded, but it’s a holiday, so that’s to be expected unfortunately.

There’s been some speculation as to how the attacks happened, and it revolves around Sprinklr, an Enterprise Social Media Management System (SMMS). Sprinklr can cover everything that’s social for a company, from posting to engagement, and their focus is on large organizations; including Microsoft.

It’s possible, and there is some evidence based on earlier Tweets from the SEA to the Skype Twitter feed, that the Sprinklr account used by Skype was compromised. If so, that would enable the SEA to target all of the company’s linked social media profiles in a single go, as well as the corporate blog.

As mentioned, the SEA has used Phishing in the past to gain access to accounts, and a compromise of this type would fit their profile. However, this is still just speculation.

Image courtesy of @Ihazcandy

I’ve reached out to Sprinklr for clarification, and will update as soon as there’s additional information.

Update 2:

No one from Microsoft or Skype has returned messages from the Hash, but they have given a statement to Mashable:

“We recently became aware of a targeted cyber attack that led to access to Skype’s social media properties, but these credentials were quickly reset. No user information was compromised”