The corporate brand protection registrar MarkMonitor was reportedly hacked yesterday by the group calling itself the Syrian Electronic Army, in an unsuccessful attempt to take out Facebook.
While MarkMonitor refused to confirm or deny the claims, the SEA, which has been conducting a campaign against high-profile western web sites for the last couple of years, tweeted several revealing screenshots.
One was a screen capture of a DomainTools Whois lookup for facebook.com, which does not appear to have been cached by DomainTools.
— SyrianElectronicArmy (@Official_SEA16) February 5, 2014
Another purported to be a cap of Facebook’s control panel at the registrar.
— SyrianElectronicArmy (@Official_SEA16) February 6, 2014
The SEA tweeted more caps purporting to show it had access to domains belonging to Amazon and Yahoo!.
In response to an inquiry, MarkMonitor rather amusingly told DI “we do not comment on our clients — including neither confirming nor denying whether or not a company is a client.”
This despite the fact that the company publishes a searchable database of its clients on its web site.
The attackers were unable to take down Facebook itself because the company has rather wisely chosen to set its domain to use Verisign’s Registry Lock anti-hijacking service.
Registry Lock prevents domains’ DNS settings being changed automatically via registrar control panels. Instead, registrants need to provide a security pass phrase over the phone.