Syrian Electronic Army hackers embarrass PayPal UK by displaying anti-US message

Graham Cluley

For a short period of time this weekend, visitors to the UK versions of the PayPal and eBay websites may have seen something out of the ordinary.

Not the normal welcoming message of a world-famous online institution, but an offensive message intermingled with a binary depiction of the Syrian flag instead:

Message seen by visitors to PayPal website

Hacked by Syrian Electronic Army!

Long live Syria!

Fuck the United States Government

Regular readers will not be surprised at all to hear that the notorious Syrian Electronic Army (SEA) claimed responsibility for the defacement.

However, as with other hacks conducted by the group, there is no suggestion that customers’ information was exposed – or even that any servers belonging to PayPal, or its owners eBay, were compromised.


Instead, it sounds more likely that the pro-Assad hacking gang managed to redirect visitors to the sites to a third-party website under their control, perhaps by hijacking eBay and PayPal’s .co.uk DNS entries.

Anuj Nayar, PayPal’s senior director of global initiatives, got in touch with me and offered the following statement:

We were not hacked.

For under 60 minutes, a very small subset of people visiting a few marketing web pages of PayPal France, UK and India websites were being redirected. There was no access to any consumer data whatsoever and no accounts were ever in any danger of being compromised. The situation was swiftly resolved and PayPal’s service was not affected. We take the security and privacy of our customers very seriously and are conducting a forensic investigation into this situation.

The SEA posted messages and images on Twitter, claiming responsibility for the hack:

For denying Syrian citizens the ability to purchase online products, PayPal was hacked by SEA

If your PayPal account is down for a few minutes, think about Syrians who were denied online payments for more than 3 years. #SEA

Of course, anyone who visited the websites during this episode should breathe a sigh of relief that the apparent hijacking was not done by someone more malicious with the intention of spreading, say, a drive-by malware download.

The Syrian Electronic Army’s Twitter account has since been suspended, but no doubt they will be back with a new one soon…

Update: Twitter user Ashar Javed shared with me an image of the certificate error displayed when users attempted to reach paypal.co.uk.

PayPal cert error


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.

2 comments on “Syrian Electronic Army hackers embarrass PayPal UK by displaying anti-US message”

  1. Will

    So anyone converted that binary back into ASCII yet?

  2. I notice in a lot of other reporting, such as on ZDnet, there is a tweeted screenshot from an internal email discussing the hack.

    Has this been shown to be a fake or is it just being ignored by the PR department?
