For the last several months, the Syrian Electronic Army (SEA) has been causing quite a ruckus, defacing websites and commandeering the Twitter accounts of a number of media organizations and the occasional VoIP software company. So far, they’ve been more of an annoyance than any sort of genuine threat. The SEA hacktivists generally get into organizations by phishing someone within a target company, which could be a media organization, a software company, or even a resource provider such as a DNS registrar. Once they have the necessary access, the SEA have sent tweets or changed websites to spread their politically-themed message.
It looks like the most recent chapter in their campaign is turning to American military sites, with an attack on a recruitment site for the US Marine Corps. Thus far, these attacks have followed fairly predictable patterns, and it seems likely this may be just the first strike against the military’s social and PR web presence.
There is no evidence so far that the SEA hacktivists have gone after the financial data that attackers usually seek, or anything else that would cause genuine damage. As a home user, at this point there is nothing you particularly need to fret about as a result of these breaches. But they do stress the importance of being wary of phishing attacks, as there may be more to lose than simply your login credentials. This is especially true at work; falling for phishing scams could mean the reputation of your company is also at stake. Attackers don’t need to hack the head IT guy or the executive staff to harm the reputation of a company; any entry point into a company could potentially give them a foot in the metaphorical door.