Facebook Almost Hacked By The SEA: “Happy Birthday, Mark!”

Feb 06, 2014 By Sarah Vonnegut

The notorious hacker group Syrian Electronic Army (SEA) is stirring up trouble again, this time with Facebook. Overnight, the group claimed to pwn the domain, posting a screenshot of the WHOIS info on its Twitter. ‘Happy Birthday Mark,’ the tweet taunted, referring to Facebook’s recent 10th birthday. The registrant data indeed reflected that the email address had been changed to a Syrian Gmail account. 

A follow up tweet said that they had tried to overtake Facebook’s servers but had to abandon because it was ‘taking too much time.’ At no time was or its business operations affected. . The SEA also tweeted a screenshot in which it appeared to show MarkMonitor’s portal interface was overtaken. 

The attack appears to have been originated using MarkMonitor, which took down its management portal after realizing it had been hacked, thereby stopping SEA from doing any more damage on its site or Facebook’s. In the end, the SEA failed in its mission to hack into Facebook, but it was a close call. You can be sure both MarkMonitor and Facebook will be tying the loose ends that allowed this attack to happen.

SEA Facebook Attack

SEA posted this screenshot on their Twitter, claiming to have changed the registrant email for

The domain and registrar data was returned to its original owner a few hours later, but it’s worth noting that the group could get so close to hacking such a massive site, which does so much to secure its own components. Giants are still vulnerable, and this kind of attempt reflects that.

The SEA has been relentless in its hacking attacks, which usually target US media and social sites. Hacking in the name of Syrian president Bashar al –Assad’s regime, the group uses a wide array of techniques including denial of service attacks, defacement and phishing campaigns to steal passwords to social media and email accounts, get into secured servers, and take down sites.

They use the attacks to take down content perceived to be hostile towards the Syrian government as well as sending out anti-US or pro-Syrian messages via hacked social media accounts. The New York Times, Huffington Post, BBC News, The Associated Press, and Twitter are just a few of SEA’s past victims. Wikipedia has a timeline of notable attacks by the Syrian Electronic Army if you’re interested in reading more.

Neither Facebook nor MarkMonitor has commented on the alleged attack as of yet.

Read more on The Next Web here

The following two tabs change content below.
Sarah is in charge of social media and an editor and writer for the content team at Checkmarx. Her team sheds light on lesser-known AppSec issues and strives to launch content that will inspire, excite and teach security professionals about staying ahead of the hackers in an increasingly insecure world.

Latest posts by Sarah Vonnegut (see all)

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.