1

Within days of the New York Times website suffering an outage which was widely reported as being down to another cyber attack, although the NYT itself insists it was actually an internal issue following system maintenance, media sites belonging to CNN, Time and the Washington Post have been attacked by the Syrian Electronic Army (SRA) in support of President Bashar al-Assad. All three sites concerned apparently used a single link recommendation service called Outbrain, and it seems that a social engineering attack there led to the successful breach. 0612f5b78049dbb2f29c20a86e26b88f

Outbrain announced yesterday that "we have fully secured the network and resumed service. If you have additional questions about the incident, please do not hesitate to contact us" and stated that it would be "compiling a fuller brief on the episode to share with anyone who would like more information. If you want to receive the brief, please email publishersupport@outbrain.com".

The Washington Post has apparently also come under attack using targeted social engineering and advanced phishing tactics earlier in the week, before the Outbrain plug-in breach, and the SEA had some success in compromising account password security. Managing Editor Emilio Garcia-Ruiz admits "the attack resulted in one staff writer’s personal Twitter account being used to send out a Syrian Electronic Army message." The SEA have had quite some success in compromising the social media accounts of the media, with the New York Post also seeing Facebook and Twitter accounts posting similar messages.

Darien Kindlund, Threat Intelligence Manager at security vendor FireEye notes that the Syrian Electronic Army is "a prolific hacker group loyal to Syrian President Bashar al-Assad. Its campaign began in mid-2011, and includes DDoS attacks, phishing, pro-Assad defacements and spamming against governments, online services, and media that are perceived hostile to the Syrian government".

Barry Shteiman, Senior Security Strategist at another security outfit, Imperva, points out that “it makes a lot of sense for a hacktivist group that wishes to display their message and show that they exist to go after high end media. They have been actively hacking Twitter accounts of news sites and have recently escalated to hacking into the websites themselves to create awareness".

Edited by Dani: made sticky

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

2
Contributors
1
Reply
24
Views
4 Years
Discussion Span
Last Post by LastMitch
0

Within days of the New York Times website suffering an outage which was widely reported as being down to another cyber attack, although the NYT itself insists it was actually an internal issue following system maintenance, media sites belonging to CNN, Time and the Washington Post have been attacked by the Syrian Electronic Army (SRA) in support of President Bashar al-Assad. All three sites concerned apparently used a single link recommendation service called Outbrain, and it seems that a social engineering attack there led to the successful breach.

I read about that. The only I can say is that it's hard to separate a hacker or a country using cyber warfare or a terrorist who is using hacker method to attack the US. I'm leaning towards a hacker not a country nor a terrorist.

Time will tell. I think John Kerry said something about a war on TV today not sure.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.