The self-styled “Syrian Electronic Army” (SEA) hacking group took over has Skype’s Twitter account, Facebook site and blog, and used them to post claims that they sell data to governments.
It also posted what appeared to be the contact details for outgoing Microsoft chief executive Steve Ballmer on its Twitter account, saying “You can thank Microsoft for monitoring your accounts/email using this details”.
No actual Skype accounts or passwords seem to have been affected by the hack, though.
Skype managed to regain control of the account, and in a statement, later acknowledged the hack: “You may have noticed our social media properties were targeted today. No user info was compromised. We’re sorry for the inconvenience.”
Security consultant Graham Cluley suggested that the Skype team had used the same passwords for its Twitter account and blog system, enabling the SEA to take over both. Of the SEA’s takeover of the Facebook page, he said it “adds more fuel to the fire that Skype screwed up by committing the cardinal sin of using the same password for different sites,” he said.
The hackers, who are sympathetic to the rule of Syrian’s president Bashar Al-Assad, gained control of the blog system used by Skype and posted a blog entry headlined “Don’t use Microsoft emails (hotmail, outlook). They are monitoring your accounts and selling the data to governments”.
That post – since deleted – seems to be a reference to the claims made following the Snowden disclosures that Microsoft and Skype have been targeted in the Prism program by the US National Security Agency (NSA) for data collection about people using the company’s services. Microsoft bought Skype in May 2011 for $8.5bn, though the NSA seems to have targeted Skype before that.
Skype is under investigation by Luxembourg’s data protection commissioner over its alleged cooperation in the Prism program.
The SEA has targeted a number of high-profile media organisations, including the Associated Press, the Guardian, New York Times, and Washington Post, to take over Twitter accounts belonging to them. Its methods tend to be consistent, using “phishing” techniques to grab passwords from large shared groups, and then exploiting the control of accounts. But it has never been known to carry out any malicious large-scale attacks.
The SEA has seen its Twitter account repeatedly deleted for hacking; the account it is now using has only been active since the end of July 2013.
The SEA is believed to have a handful of members, some based in Dubai, rather than operating from within Syria itself.