SEA Hacks US Media Sites
Are you a regular reader of the Washington Post? Then you may have noticed things didn't look quite right earlier in the week. Hackers were able to breach the dedicated hosting sites for The Washington Post, CNN, and Time by breaching the site of Outbrain, a third-party service relied on by all three sites.
The Syrian Electronic Army (SEA) is claiming responsibility. Some Washington Post and Time users were redirected to the SEA's cheap hosting website when they clicked on Outbrain content, according to Outbrain vice president Lisa LaCour. The CNN site displayed the message “Hacked by SEA.”
Washington Post managing editor Emilio Garcia-Ruiz issued a blog post on Thursday:
“A few days ago, the Syrian Electronic Army, allegedly, subjected Post newsroom employees to a sophisticated phishing attack to gain password information.
“The attack resulted in one staff writer's personal Twitter account being used to send out a Syrian Electronic Army message. For 30 minutes this morning, some articles on our website were redirected to the Syrian Electronic Army's site.
“The Syrian Electronic Army, in a tweet, claimed they gained access to elements of our site by hacking one of our business partners, Outbrain. We have taken defensive measures and removed the offending module. At this time, we believe there are no other issues affecting The Post site.”
Outbrain is a third-party content recommendation service that works “by embedding a widget on websites filled with sponsored links, and it seems as though once the SEA had hacked Outbrain, that gave them access to redirect readers on certain pages to SEA-controlled sites,” said Post reporter Brian Fung. The Outbrain breach allowed the compromise of the CNN and Time sites.
Outbrain was aware of the breach, and issued a post stating “in an effort to protect our publishers and readers, we took down the service as soon as it was apparent. The breach now seems to be secured and the hackers blocked out, but we are keeping the service down for a little longer until we can be sure it's safe to turn it back on securely.”
Not The First Time
There have been other attacks on news media outlets by various countries, such as the Chinese attack on The New York Times website and various other media sites. However, this attack was quite different, according to experts.
Scott Parcel, CTO of application security vendor Cenzic, said that while the prior attacks sought to extract “internal information, such as news sources,” the Post attack looks to drive readers away from the site. Said Parcel, “While sources are critical to news, if readers become afraid that simply visiting the site to read the news threatens their own computers with malware, then the readership could dry up quickly.”
The SEA is a group of tech-savvy people working together in order to draw attention to their group and political agenda by going after high-profile media and social networking organizations. No highly sensitive data such as credit card numbers or financial information has been hacked, but passwords and other account details have been published following prior hacks.
“After compromising an account or website, the group typically posts fictitious stories and messages, or messages directed at particular individuals or groups, to draw attention to their agenda,” said Scott Hazdra, principal security consultant at Neohapsis.
SEA Hacks US Media Sites: Just The Beginning?
Some, like Darien Kindlund, manager of threat intelligence at FireEye, believe there may be a bigger attack in the works. “Sometimes, DDoS attacks are a smoke screen for other attacks… It is possible that the SEA wants to monitor Washington Post stories on Syria as China wanted to spy on The New York Times.”
No matter what the reason, it highlights the importance of solid security measures for anyone's cheap or dedicated hosting website. Hackers are out there. Are you prepared?