eBay and PayPal DNS hijacked by Syrian Electronic Army

Earlier today, the nameservers on the ebay.co.uk and paypal.co.uk domain were changed to ns1.dnforu.com and ns2.dnforu.com in an apparent hijack.

It seems that the Syrian Electronic Army are now claiming responsibility for this on Twitter. They have posted screenshots of the eBay/PayPal MarkMonitor account where they were able to manage the domains in question as well as seemingly had access to the email account of Paul Whitted, Senior Manager at eBay’s Site Engineering Centre judging by another screenshot.

Several hours before this broke in the news, I tried to get in touch with PayPal UK’s security team to report this to them, however after being passed between several people I was eventually told that the problems I was experiencing were because “PayPal doesn’t support Apple devices as they are less secure”. Thanks guys, really helpful, top notch work there!

I also emailed the eBay network team and their domain registrar, MarkMonitor, neither of whom bothered to get back to me.

For posterity, I’ve attached screenshots of the ebay.co.uk and paypal.co.uk listings in Nominet’s whois records at the time of the attack.

Share