Skype Attack Puts Focus On Hacktivist Threats


The Syrian Electronic Army gained access to the Twitter account and blog associated with Microsoft's Skype service on New Year's Day, posting messages about government surveillance until the firm regained control of the social media accounts.

The SEA gained access to the official Skype account on Twitter Wednesday, using it to spread a short message accusing Microsoft of monitoring Hotmail and Outlook.com email traffic for the government. Skype is a Microsoft subsidiary. The group also posted the contact details for outgoing Microsoft CEO Steve Ballmer.

In its message on the hijacked Twitter account, the SEA referred to leaked documents from National Security Agency whistleblower Edward Snowden, which identified Skype as one of the cloud-based services monitored under the agency's surveillance program. The leaked NSA documents also referenced how Microsoft apparently worked closely with U.S. intelligence agencies, providing a back door for the government to view encrypted email and other sensitive files. European officials are investigating the extent of the surveillance on Skype VoIP calls. Responding to the allegations, Microsoft called for more transparency and a discussion about the balance between privacy and security.

[Related: FBI: Hacktivists Have Been Infiltrating U.S. Government Systems For A Year
]

Microsoft did not respond to a request for comment on the SEA attack. The firm posted a message on Twitter confirming that its social media properties were targeted.

The SEA group, which supports Syrian President Bashar al-Assad, is one of a number of hacktivist organizations that have struck at media organizations and high-profile companies. Their tactics involve stealing the account credentials to gain access to highly active social media accounts or accessing domain system records to redirect visitors to high-profile websites to a Web page that spreads its message, said Rob Kraus, director of engineering research team at Omaha, Neb.-based managed service provider Solutionary. In a recent interview with CRN, Kraus said the SEA and other hacktivist groups have been responsible for a variety of attacks, including a high-profile domain attack that disrupted The New York Times in August. A security lapse at a reseller was blamed in that incident.

"Different groups use different types of attack vectors depending on their goal," Kraus told CRN. "Some of it can be addressed by stronger patch management measures, but other incidents are basic security lapses that are targeted to get their message across."

The attackers have gotten good at tricking employees into giving up their account passwords using carefully crafted phishing attacks, Kraus said. A Solutionary study of hacktivist attacks issued in November found banks, government agencies and other businesses often caught in the crosshairs of hacktivist groups. Leaked passwords were at the core of hacktivist attacks against government agencies, according to a leaked FBI memo obtained by Reuters in November. The memo blamed the private-sector breaches for giving groups, such as Anonymous, the resources they need to gain access to some government systems to steal data.

Hacktivist attack techniques change often, the study found. The attackers sometimes use distributed denial-of-service attacks to bring down the targeted organization's website. Web application vulnerabilities also frequently are targeted to simply deface the website or gain access to sensitive data in the underlying servers supporting the site.

Systems integrators and resellers need to work closely with their clients to conduct thorough risk assessments, said Kaleb Jacob, founder of Manchester, N.H.-based reseller Eagle Network Solutions. Security vendors increasingly develop products for sophisticated threats, but most businesses are still struggling to keep pace defending against automated attacks, Jacob said. Standard attack techniques are repeated often by hacktivist groups because they work, and are often supported by, automated attack tools, Jacob told CRN.

"The active zero-day attacks that we hear so much about is a serious issue but it isn't occurring on a massive scale," Jacob said. "Every year the bad guys are quicker at getting exploits to known threats."

PUBLISHED JAN. 2, 2014