Syrian Electronic Army hackers embarrass PayPal UK by displaying anti-US message

Graham Cluley

For a short period of time this weekend, visitors to the UK versions of the PayPal and eBay websites may have seen something out of the ordinary.

Not the normal welcoming message of a world-famous online institution, but an offensive message intermingled with a binary depiction of the Syrian flag instead:

Message seen by visitors to PayPal website

Hacked by Syrian Electronic Army!

Long live Syria!

Fuck the United States Government

Regular readers will not be surprised at all to hear that the notorious Syrian Electronic Army (SEA) claimed responsibility for the defacement.

However, as with other hacks conducted by the group, there is no suggestion that customers’ information was exposed – or even that any servers belonging to PayPal, or its owners eBay, were compromised.

Instead, it sounds more likely that the pro-Assad hacking gang managed to redirect visitors to the sites to a third-party website under their control, perhaps by hijacking eBay and PayPal’s .co.uk DNS entries.

Anuj Nayar, PayPal’s senior director of global initiatives, got in touch with me and offered the following statement:

We were not hacked.

For under 60 minutes, a very small subset of people visiting a few marketing web pages of PayPal France, UK and India websites were being redirected. There was no access to any consumer data whatsoever and no accounts were ever in any danger of being compromised. The situation was swiftly resolved and PayPal’s service was not affected. We take the security and privacy of our customers very seriously and are conducting a forensic investigation into this situation.

The SEA posted messages and images on Twitter, claiming responsibility for the hack:

For denying Syrian citizens the ability to purchase online products, PayPal was hacked by SEA

If your PayPal account is down for a few minutes, think about Syrians who were denied online payments for more than 3 years. #SEA

Of course, anyone who visited the websites during this episode should breathe a sigh of relief that the apparent hijacking was not done by someone more malicious with the intention of spreading, say, a drive-by malware download.

The Syrian Electronic Army’s Twitter account has since been suspended, but no doubt they will be back with a new one soon…

Update: Twitter user Ashar Javed shared with me an image of the certificate error displayed when users attempt to reach paypal.co.uk.

PayPal cert error


2 comments on “Syrian Electronic Army hackers embarrass PayPal UK by displaying anti-US message”

  1. Will

    So anyone converted that binary back into ASCII yet?

  2. I notice in a lot of other reporting, such as on ZDnet, there is a tweeted screenshot from an internal email discussing the hack.

    Has this been shown to be a fake or is it just being ignored by the PR department?
