August 15, 2013
SEA Hacks Washington Post’s Twitter Account
Peter Suciu for redOrbit.com – Your Universe Online
While a special section of the Chinese People’s Liberation Army (PLA) has been in the spotlight in the past year for hacking activities including cyber attacks on various media companies, this week it was the Syrian Electronic Army (SEA) that went on the offensive against the fourth estate.
The Washington Post announced on Thursday that it had been attacked by a hacker collective that supports Syrian President Bashar al-Assad.
“A few days ago, The Syrian Electronic Army, allegedly, subjected Post newsroom employees to a sophisticated phishing attack to gain password information,” said Washington Post Managing Editor Emilio Garcia-Ruiz in a statement posted on the paper’s editorial blog. “The attack resulted in one staff writer’s personal Twitter account being used to send out a Syrian Electronic Army message. For 30 minutes this morning, some articles on our web site were redirected to the Syrian Electronic Army’s site.”
“The Syrian Electronic Army, in a Tweet, claimed they gained access to elements of our site by hacking one of our business partners, Outbrain,” Garcia-Ruinz added. “We have taken defensive measures and removed the offending module. At this time, we believe there are no other issues affecting The Post site.”
The paper reported that the attack against it was able to succeed because of a vulnerability in Outbrain, a third-party content recommendation service.
“Outbrain works by embedding a widget on websites filled with sponsored links, and it seems as though once the SEA had hacked Outbrain, that gave them access to redirect readers on certain pages to SEA-controlled sites,” the Post's Brian Fung wrote.
The Post’s IT department confirmed that Outbrain was the source of the vulnerability as has Outbrain, which shut down its website on Thursday as a result of the cyber attack.
“Due to an attack, our recommendations are down. Our team is working to get our system secure & up shortly. Apologize for any inconvenience,” the company posted on its official Twitter account.
This attack on the Washington Post comes just one week after Amazon.com founder Jeff Bezos acquired the newspaper for $250 million, one of the highest-profile buyouts in recent history. The Washington Post was founded in 1877 but became a household name following the Nixon Watergate scandal. It had been owned by the family of current Post chairman and CEO Donald Graham for four generations. Other Washington Post Co. properties, including its Kaplan education business division, were not part of the deal with Bezos. The company will reportedly change its name after selling the paper.
The SEA has reportedly not singled out the Washington Post, and has targeted other media organizations including the Financial Times, Reuters and ITV News. Back in April, the SEA had even sent out false tweets from the AP's account that there had been an attack on the White House. The stock market fell in response to the tweet before it was confirmed to be a fake.