When Syrian hackers attacked, Facebook’s bacon was saved by security measures

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Facebook lockFacebook has been in touch with me about the Syrian Electronic Army (SEA) breaking into MarkMonitor, and the hackers’ attempt to hijack the social network’s DNS records.

If the SEA had been successful they would have been able to redirect Facebook’s visitors to a third party site, perhaps hosting an offensive message, a phishing trap or even malware. But in the end it only resulted in a (brief) change to the site’s registrant contact details.

A Facebook spokesman contacted me, sharing the following information:

I wanted to let you know that it may not have been such a close call after all. We use a registry lock and two-factor authentication on our accounts.

So, why didn’t that stop the hackers from changing the registrant contact details listed for Facebook.com to point to Syria and a Gmail email address?

The registrant contact details are controlled by the registrar. Registry lock doesn’t apply.

Clearly MarkMonitor has suffered from a serious security problem, allowing unauthorised parties to access its administration panel and meddle with the registrant records for many of its customers – including Facebook.

The SEA tweeted an image of a Mark Monitor administrator panel

But the hackers were prevented from doing any further damage in Facebook’s case, because the firm had additional protection in place – in the form of a registry lock and two-factor authentication.

A registry lock requires any requests to change a website’s DNS settings to be manually verified and authenticated.

Enabling extra security measures can reduce the chance of your own company’s website being messed around with by DNS hijackers (hello eBay and PayPal UK…)

Sign up to our free newsletter.
Security news, advice, and tips.

Learn that lesson now, before it’s your company which ends up making headlines after an embarrassing and very public attack.

If you are on Facebook, and want to be kept updated with news about security and privacy risks, and tips on how to protect yourself online, join the Graham Cluley Security News Facebook page.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “When Syrian hackers attacked, Facebook’s bacon was saved by security measures”

  1. Douglas Brown

    DNS pointers are also normally accessed via the same registrar control panel as are the registry lock settings. The two factor authentication may have been the saving grace in this case.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.