On Wednesday, February 5, the group that calls itself the Syrian Electronic Army (SEA) claimed they had gained control of the facebook.com domain. However as of 6:00PM Pacific, Facebook was back in control of its domain.
Apparently SEA succeeded in accessing the domain record for facebook.com in the MarkMonitor control panel. MarkMonitor is a domain and online reputation management company that offers a “hardened” portal for its customers, which include some of the world’s largest companies.
The hacking group posted evidence of their exploits in the form of screenshots. But while it appears that the group succeeded for a brief period of time, it was not long before Reuters was reporting control had been regained by MarkMonitor (within 30 minutes).
Right now the answer is nothing. As far as we know at this time, Facebook is back in control of facebook.com.
If a domain is taken over in this way it is possible to direct traffic away from the legitimate site normally located at that web address and onto another site which could be used for malicious purposes, like collecting personal data or infecting visitors with malware. A broader concern is that illegal activity like this attack is seldom punished which means there is little risk for the perpetrators. At the same time, there is no evidence that hacktivism of this type earns any sympathy for causes espoused by the groups responsible.
Choosing an extremely diligent domain registrar is the best, and really the only protection at this time. This incident has made the news not only because everyone knows Facebook, but also because MarkMonitor stands out as a firm offering secure registration. We await reports on what happened in this case but at this point it looks like MarkMonitor reacted rapidly and responsibly to this attack.
The Syrian Electronic Army, and that is about all we want to say about that. We prefer not to give free advertising to groups like this.
Author Stephen Cobb, ESET