Syrian Electronic Army uses recommendation service to hack media sites
Washington Post, CNN and Time all suffer attack.
Hackers claiming to represent the pro-Assad hacktivist collective Syrian Electronic Army (SEA) have conducted a multi-targeted attack against a number of US media outlets using a previously unknown security flaw.
The SEA is believed to have breached the security of content recommendation firm Outbrain, which pushes recommendations to those sites. When readers of the Washington Post and Time websites clicked on linked content from Outbrain, some customers were redirected to the SEA's website. CNN International, meanwhile, was defaced and displayed the headline "Hacked by SEA" for a time.
The SEA, since its founding in May 2011, has regularly attacked news outlets that it believes have published negative news about president Assad, including BBC News, Al Jazeera and the Associated Press (AP).
The organisation also successfully took over the AP twitter feed in April 2013, falsely reporting a bomb had exploded at the White House and Barack Obama had been injured.
In a blog post, Outbrain's co-founder and CEO, Yaron Galai, said the organisation had been a victim of a "social engineering attack" by the SEA.
"On the evening of August 14th, a phishing email was sent to all employees at Outbrain purporting to be from Outbrain's CEO. It led to a page asking Outbrain employees to input their credentials to see the information,"he said.
"Once an employee had revealed their information, the hackers were able to infiltrate our email systems and identify other credentials for accessing some of our internal systems."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Outbrain said late in the evening on 15 August that its network had been secured and full service resumed at approximately 1.00am on 16 August.
Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.