August 15, 2013
CNN And Time Websites Also Hit By Syrian Cyber Attack
Peter Suciu For redOrbit.com – Your Universe Online
“A few days ago, The Syrian Electronic Army, allegedly, subjected Post newsroom employees to a sophisticated phishing attack to gain password information,” said Washington Post Managing Editor Emilio Garcia-Ruiz in a statement posted on the paper’s editorial blog.
The attacks were not just limited to the Washington-based newspaper, as websites that belong to CNN and Time were also reportedly hacked, with links on the sites redirecting readers to a site belonging to the SEA. The breaches have been blamed on a third-party link recommendation service that all three news sites reportedly use.
The SEA, which has been targeting western media companies in recent months -- mostly through social media, including Facebook and Twitter accounts -- was able to manipulate links served by content recommendation service Outbrain.
The content recommendation firm, which has been taken offline as a result of the hacks, blogged on Thursday morning, “We are aware that Outbrain was attacked earlier today and we took down service as soon as it was apparent. The breach now seems to be secured and the hackers blocked out, but we are keeping the service down for a little longer until we can be sure it’s safe to turn it back on securely.”
In a series of updates, Outbrain noted first, “Outbrain was the victim of a social engineering attack by the Syrian Electronic Army,” and later noted, “We have now secured the Outbrain network verifying the integrity of our code and blocking all external access to our systems. We have also restored system settings to their state prior to the attack. We expect to resume service in the next few hours.”
Both CNN and Time acknowledged the breach of their respective websites.
“The security of a vendor plug-in that appeared on CNNi.com was briefly compromised today,” a CNN spokesperson told the BBC. “The issue was quickly identified and plug-in disabled. Neither CNN.com nor CNNi.com were penetrated directly.”
Time magazine also confirmed to the BBC that while its Outbrain-powered module on Time’s pages had been manipulated, the actual Time website was not directly affected.
“At this time it does not appear that Time has been hacked,” he told the BBC, “but we are looking into it further.”
The Syrian Electronic Army’s official Twitter feed also took responsibility for the attacks on the media sites, posting, “@TIME, @CNN, @ Washingtonpost websites hacked in one strike by hacking @outbrain #SEA #SyrianElectronicArmy.”
The pro-Syrian group had also taken credit this week for hacking the Facebook page of the New York Post newspaper and some Twitter feeds of Post reporters, while also hacking the social media sites and blog of social media content manager SocialFlow.
In addition to the updates on its official blog, Outbrain also reached out to the publishers.
“We are working diligently to investigate the cause and the measures to prevent this in the future," said Yaron Galai, CEO of Outbrain, in a letter to publishers as reported by CNN on Thursday. “Once we feel that the service is stable, we will bring back the service again.”