Would you be interested in connecting with hacktivists on Google+? How about Pinterest? Maybe you would prefer Instagram. The Syrian Electronic Army has a presence on all of these accounts, and is probably utilizing social media better than you and your clients.
The SEA has made their name by hacking high-brow Twitter accounts to promote their pro-Assad, pro-Syrain message. Twitter repeatedly shuts down the accounts they create, but they immediately make new ones, keeping the same handle except for the final number. They have been deleted by Twitter 11 times so far, and as of writing this can be found on @Official_SEA12.
Most recently, the SEA attacked messaging apps Viber and Tango. First they hacked Tango, stealing 1.5 terabytes of data and the phone numbers and email addresses of the app’s 120 million users. The group claimed the user contact information will be presented to the Syrian government.
Before hacking Viber, the group tweeted out a warning that the app was spying on users and telling people to delete their accounts. They took down the site and replaced it with their logo and messaging. Viber has since denied that the contact information of its 200 million users has been compromised.
These two attacks are part of a larger snowball that the SEA has set up. The two messaging apps were compromised when employees at Tango and Viber opened phishing emails that looked secure. This has been the most common method of attack from the hacktivist group, and it looks like more are on their way. The cycle is inevitable: use a phishing email to hack a messaging app, steal more emails, send phishing emails to hack more accounts to steal more information.
At the end of the day, companies like Twitter, the Guardian, Tango and Viber can only do so much to protect their users, the success of the SEA lies in human error clicking into phishing emails.
Despite the fact that their Twitter account regularly gets shut down, they average more than 3,000 followers. As of writing this, they boast 177 followers on Pinterest, and have established Google+, Instagram, YouTube and Facebook accounts. LinkedIn must not be their thing.
The SEA has found their niche in Twitter, both to attack popular accounts and to connect with fans. The tweet warning users to delete their Viber app received eight replies, 86 retweets and 17 avorites. Every one of their accounts has the same branding, messaging, and photos.
As multiple Twitter accounts, websites, and apps are left to pick up the pieces in the wake of a phishing attack and hacking, the Syrian Electronic Army barrels forward. Until we find a way to avoid phishing scams and stop the cyber-terrorists, they will continue to spread their message, grow their social presence and stay on-brand.