Syrian Electronic Army hackers embarrass PayPal UK by displaying anti-US message


For a short period of time this weekend, visitors to the UK versions of the PayPal and eBay websites may have seen something out of the ordinary.

Not the normal welcoming message of a world-famous online institution, but an offensive message intermingled with a binary depiction of the Syrian flag instead:

Message seen by visitors to PayPal website

Hacked by Syrian Electronic Army!

Long live Syria!

Fuck the United States Government

Regular readers will not be surprised at all to hear that the notorious Syrian Electronic Army (SEA) claimed responsibility for the defacement.

However, as with other hacks conducted by the group, there is no suggestion that customers’ information was exposed - or even that any servers belonging to PayPal, or its owners eBay, were compromised.

Instead, it sounds more likely that the pro-Assad hacking gang managed to redirect visitors to the sites to a third-party website under their control, perhaps by hijacking eBay and PayPal’s DNS entries.

Anuj Nayar, PayPal’s senior director of global initiatives, got in touch with me and offered the following statement:

We were not hacked.

For under 60 minutes, a very small subset of people visiting a few marketing web pages of PayPal France, UK and India websites were being redirected. There was no access to any consumer data whatsoever and no accounts were ever in any danger of being compromised. The situation was swiftly resolved and PayPal’s service was not affected. We take the security and privacy of our customers very seriously and are conducting a forensic investigation into this situation.

The SEA posted messages and images on Twitter, claiming responsibility for the hack:

For denying Syrian citizens the ability to purchase online products, PayPal was hacked by SEA

If your PayPal account is down for a few minutes, think about Syrians who were denied online payments for more than 3 years. #SEA

Of course, anyone who visited the websites during this episode should breathe a sigh of relief that the apparent hijacking was not done by someone more malicious with the intention of spreading, say, a drive-by malware download.

The Syrian Electronic Army’s Twitter account has since been suspended, but no doubt they will be back with a new one soon…

Update: Twitter user Ashar Javed shared with me an image of the certificate error displayed when users attempts to reach

PayPal cert error

Tags: , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , ,

2 Responses

  1. Will

    February 3, 2014 at 11:10 am #

    So anyone converted that binary back into ASCII yet?

  2. T Wake

    February 3, 2014 at 9:17 pm #

    I notice in a lot of other reporting, such as on ZDnet, there is a tweeted screenshot from an internal email discussing the hack.

    Has this been shown to be a fake or is it just being ignored by the PR department?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.