The Syrian Electronic Army are still targeting to attack Microsoft.
Today the SEA posted a Tweet which said,
“We didn't finish our attack on @Microsoft yet, stay tuned for more! #SEA”
This open challenge to Microsoft comes after the SEA began attacking Microsoft’s social accounts earlier this month. The first victim was the Twitter, Facebook and Blog of VOIP service provider Skype, which were hacked by the SEA on January 1st.
The Syrian hackers posted messages from both of Skype’s account warning users that,
Microsoft are monitoring hotmail, outlook accounts and selling the data to the governments.
Then it was the turn of Microsoft XBOX Support’s Twitter account, which was hijacked by the SEA on January 11th.
Later on the same day, the hackers struck again, this time they took over Microsoft News’ Twitter account @MSFTNews was hacked along with the TechNet blogs.
Similar anti-Microsoft tweets were posted by the SEA on all the hacked accounts, and was Retweeted over 8000 times by other users.
Today the SEA revealed what happened when they broke into the official email accounts of Microsoft’s employees.
Following are the images which the Syrian Electronic Army tweeted to expose the conversations between Microsoft’s departments when their Twitter & other accounts were hacked.
The second tweet says, ”It seems bit.ly is the backdoor that has been found,".
Bit.ly is a very popular URL shortening service which people use to share links on social networks. Apparently it has some sort of vulnerability which was exploited by the hackers to take control of the various social accounts. Hackers and Malware distributors often exploit the short urls by posting malicious links, which clicked upon would trigger a virus/malware attack or results in identity theft.
It is possible that some of the email accounts of Microsoft’s employees received such malicious URLs and were clicked upon, which resulted in these hijacks.
If you think this is bad news, wait till you hear this.
The SEA posted a tweet which said,
“a Microsoft employee wanted to make his password more stronger, so he changed it from "Microsoft2" to "Microsoft3"
It is shockingly disturbing that one of the most popular, and possibly the biggest of software companies is using such poor passwords. Of course they could just be taunting Microsoft.
Popular news website The Verge contacted both the SEA and Microsoft and they had some interesting things to say.
The SEA replied to Verge’s email with a statement which read,
"We are making some distraction for Microsoft employees so we can success in our main mission,"
While Microsoft admitted that,
"A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted. These accounts were reset and no customer information was compromised."