CybersecuritySyrian Electronic Army’s attack on Reuters makes a mockery of cyber-security (again)
One big security issue that has arisen lately concerns control of news media. National boundaries have become blurred on the Internet, and the control any nation can have over information dissemination has been eroded — on news Web sites but especially on open platforms such as Twitter and Facebook. One lesson from all the attacks on open platforms is that a focus of any attempted hack will be a spear phishing e-mail. Tricking users into entering their details may be simple, but it can be very serious. For example the Reuters site, which was attacked by the Syrian Electronic Army (SEA), a pro-Assad group of “hacktivists,” integrates more than thirty third-party/advertising network agencies into its content. A breach on any of these could compromise the agency’s whole infrastructure.
Marine website hacked by SEA, who left this defacing message // Source: shenidi.com
One big security issue that has arisen lately concerns control of news media. National boundaries have become blurred on the Internet, and the control any nation can have over information dissemination has been eroded — on news Web sites but especially on open platforms such as Twitter and Facebook. Witness the activities of the Syrian Electronic Army (SEA), a pro-Assad group of “hacktivists,” which despite limited resources managed to compromise one of the leading news agencies in the world. It wasn’t even the first time — it has already attacked the agency several times before, not to mention its other attacks on the Financial Times, Washington Post, New York Times, and Associated Press.
At midday on Sunday, people reading Reuters content found themselves redirected to a page which stated:
Where last year, for example, the SEA attack involved tweeting links to pro-Assad propaganda from the Reuters Twitter account, this time it targeted Reuters content directly. But instead of targeting the agency’s site, the hack attacked the news content that it hosts on the sites of a large number of media outlets.
This is not the first time the SEA had attacked in a way that compromised the trusted partners of the major media outlets. It did something similar to the New York Times last August.
In this most recent case, the SEA appears to have redirected viewers to the bogus pages by compromising advertising hosted by a Reuters partner site called Taboola. This could have serious consequences for Taboola’s other clients, who include Yahoo!, BBC Worldwide and Fox News; and will generally be great worry to many sites.
Look what the spear phishing dragged in …
Another possibility for what lay behind the latest Reuters attack was one of the most common methods of compromise — a spear phishing e-mail, similar to the one that the SEA used to attack satirical site The Onion last year.
This involved a person in the company clicking on what seemed to be a link to a lead story from the Washington Post but turned out to be malicious. It re-directed the user to another site and then asked for Google Apps credentials. Once these had been keyed in, the SEA gained access to The Onion’s Web infrastructure and managed to post a story.
