Syrian Electronic Army hacks into Viber support website

No sensistive user information was compromised, Viber Media said

The hacker group calling itself the Syrian Electronic Army (SEA) broke into the customer support website for Viber, an instant messaging and Voice-over-Internet-Protocol (VoIP) application available for both mobile and desktop operating systems.

The Viber support website was defaced Tuesday and was modified to display the SEA logo and a message telling visitors that "the Israeli-based 'Viber' is spying and tracking you." On Wednesday, the site was inaccessible and returned a "403 Forbidden" error.

"The Viber Support site was defaced after a Viber employee unfortunately fell victim to an email phishing attack," a Viber Media spokesman said Wednesday via email. "The phishing attack allowed access to two minor systems: a customer support panel and a support administration system. Information from one of these systems was posted on the defaced page."

The information accessed by the attackers included information needed for customer support like when a user registered, where they registered from and what type of device they use, he said.

Viber's databases were not hacked and sensitive user data like message contents or address books was not exposed, the Viber representative said. This information is stored in a "secure system that cannot be accessed through this type of attack" and is not part of the support system. Viber is based in Cyprus and has development centers in Belarus and Israel, he said.

The Syrian Electronic Army gave a somewhat different description of the attack, saying in an email message that it managed to access four systems, one for customer support and others used "for managing accounts."

"We dumped and downloaded the databases of the hacked systems," the group said. "We will tell more in the right time."

This attack comes after SEA announced Friday that it broke into the website and database of Tango, a different VoIP application. The group claimed that it downloaded the phone numbers, email addresses and contacts of millions of Tango users.

TangoME, the company the develops Tango, acknowledged the intrusion Saturday on Twitter and said that the security breach resulted in unauthorized access to some data.

Before the Tango hack, the SEA broke into the systems of Truecaller, a global phone directory service.

It's not clear why the hacker group is targeting mobile VoIP apps and related services.

"Like Tango and Truecaller, Viber was targeted in order to obtain the important data that is stored in their databases," the Syrian Electronic Army said via email. However, it didn't clarify why it considers this data important and how it plans to use it, except for saying that it will not leak it publicly.

SEA is publicly supportive of Syrian President Bashar al-Assad and his government. In recent months the group has targeted several different media organizations including the Financial Times, the Associated Press, The Guardian, BBC, and Al Jazeera, breaking into their websites or Twitter accounts.

On Monday the group broke into the administration panel of The Daily Dot news website after the organization did not comply with the hacker group's request to remove a caricature of Syrian President Bashar al-Assad from one of its articles.

Join the CSO newsletter!

Error: Please check your email address.

Tags Truecallertelecommunicationonline safetymobiledata protectionViber MediaprivacyTangoMEmobile applicationsintrusionvoipsecuritydata breach

More about BBC Worldwide Australasia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts