
Attacks on media escalate

Via a spearphishing attack, hackers were able to target several publications simultaneously.

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 16 Aug 2013
No one has ever been arrested in connection with their involvement with the group. Photo: Uros Zunic / Shutterstock.com.

Several visitors to articles on The Washington Post's Web site on Thursday found themselves browsing the Syrian Electronic Army's (SEA's) Web site instead.

The SEA is a hacking collective, aligned with Syrian president Bashar al-Assad. It employs denial of service attacks, defacement, and suchlike to target political opposition groups and western Web sites, specifically news organisations and human rights groups.

The Washington Post said, by Thursday afternoon, it had the situation under control. The Post's managing editor, Emilio Garcia-Ruiz, said in a posting on the site: "We've taken defensive measures, and at this time there are no other issues affecting the site."

He said in a statement, "A few days ago, The Syrian Electronic Army allegedly subjected Post newsroom employees to a sophisticated phishing attack to gain password information. The attack resulted in one staff writer's personal Twitter account being used to send out a Syrian Electronic Army message."

According to Garcia-Ruiz, the publication has not yet identified the source of the phishing attack that attempted to steal passwords and log-ins for e-mail accounts belonging to the site's journalists. He added that the phishers sent e-mails that seemed to be from the journalists' colleagues, asking them to click a link and log in.

Garcia-Ruiz added that: "At this time, we believe there are no other issues affecting The Post site."

Reuters described the latest attacks as "significant" as the attackers targeted several sites concurrently, by breaching a single supplier, Outbrain, whose content is published on several different platforms.

Previous attacks by the SEA have seen networks breached through similar tactics, but those instances targeted employees of a single specific media outlet only, which made preparations for the attacks more labour-intensive.

Taking credit

The SEA took credit for the hack in a tweet on Thursday morning and said it hacked the Post, CNN and Time magazine in one fell swoop, revealed Threatpost. The tweet said The Post was hacked via Outbrain, an ad network used by The Post to suggest other stories to readers.

Outbrain admitted on Thursday that it had network issues, and said it was aware it had been breached. The company added that in a move to protect its readers and partners, it took down the service as a precaution.

Although it appears the breach has been secured and the hackers blocked, Outbrain said it would remain down a little longer, until it was confident it would be safe to go up again.

Media attacks escalating

Timeline of significant SEA breaches
23 April 2013: SEA hijacks the Associated Press Twitter account and tweets that the White House had been bombed and Barack Obama injured.
May: SEA compromises the Onion's Twitter account by phishing its employees' Google Apps accounts.
24 May: The ITV News London Twitter account is hacked by SEA.
17 July: SEA hacks TrueCaller servers, stealing gigabytes of information. Hackers release TrueCaller's alleged database host ID, username, and password.
23 July: Viber servers are breached by SEA. The Viber support Web site was replaced with a message and a supposed screenshot of data that was obtained during the intrusion.
5 August: Advertising service Outbrain is hacked by the SEA via a spearphishing attack. This allowed the SEA to place redirects into the Web site of The Washington Post.

This is the latest attack in a long line of attacks aimed at crippling or embarrassing mainstream media. Publications that have fallen victim to the SEA include the BBC, The Associated Press, France 24 TV, The Daily Telegraph, The Financial Times and al-Jazeera.

In January, The New York Times reported that Chinese hackers had breached its network, and stolen log-in credentials from some reporters and other employees before being driven out by security companies hired to fix the problem.

The attacks coincided with the reporting for a Times investigation, published in October 2012, that revealed relatives of China's prime minister had gathered a fortune worth several billion dollars through business dealings.

In April, The Guardian fell afoul of the SEA, which said it targeted the publication for spreading "lies and slander about Syria" and that it was in a "state of war with the security team of Twitter".

The publication said it realised it was under attack when staff were targeted with fake e-mail, aimed at accessing their mail and social media accounts. Following this, the Guardian's Twitter feeds were compromised.

Who are they?

Not much is known about the SEA's members, who, although widely understood to support Assad's regime, have never been directly linked to the Syrian government.

Media sites and social networks have been the group's staple targets as a means of spreading its agenda.

No one has ever been arrested in connection with their involvement with the group.
