Washington post hacked
Washington post hacked, The Washington Post was hacked Thursday morning by the Syrian Electronic Army, the paper announced in an editor's note. Some users visiting the newspaper's site reading certain stories were being redirected to the hacker group's site:
"The Washington Post Web site was hacked today, with readers on certain stories being redirected to the site of the Syrian Electronic Army. The group is a hacker collective that supports Syrian President Bashar al-Assad. The Post is working to resolve the issue," the note said.
Yesterday The New York Times website went down for several hours, though the paper said it was related to a system outage and not hacking.
Looks like it wasn't just the website. Newsroom employees were subjected to a sophisticated phishing attack and one staff writer's personal account ended up being used to send out a Syrian Electronic Army message, Washington Post Managing Editor Emilio Garcia-Ruiz says in an emailed statement:
"A few days ago, Post newsroom employees were subjected to a sophisticated phishing attack, allegedly by the Syrian Electronic Army, which attempted to gain password information. The attack resulted in one staff writers' personal account being used to send out a Syrian Electronic Army message. This morning, some articles on our web site were re-directed to the Syrian Electronic Army's site for a period of about 30 minutes. The Syrian Electronic Army, in a Tweet, claimed they gained access to elements of our site by hacking one of our business partners, Outbrain. We have taken defensive measures and removed the offending module. At this time, we believe there are no other issues affecting the site."
Mashable reports it may have been the hacking of content recommendation service Outbrain that led to the Washington Post hack. Garcia-Ruiz told Mashable that the SEA "claimed they gained access to elements of our site by hacking one of our business partners, Outbrain.
Update 4:00pm
The Washington Post has put up a few posts explaining the hack and confirming it originated from the Outbrain hack.
"The Syrian Electronic Army’s attack against The Washington Post succeeded because of a vulnerability in Outbrain, a third-party content recommendation service. Outbrain works by embedding a widget on websites filled with sponsored links, and it seems as though once the SEA had hacked Outbrain, that gave them access to redirect readers on certain pages to SEA-controlled sites."
The Post also posted an explainer on what the Syrian Electronic Army is: A group of computer hackers who support embattled Assad and initially emerged in April 2011 during the rise of anti-regime protests in Syria.
"While Assad has a background in computing, and once explicitly referenced his 'electronic army,' the group’s formal ties to the administration are unclear. The quality of their attacks suggest that the SEA includes both professional quality hackers, who might be receiving some form of compensation, and young volunteers who believe in the regime," Washington Post technology reporter Andrea Peterson reports.
While their attacks have been mostly harmless, the group is getting more serious Peterson writes, noting that when they hacked the AP's Twitter account to tweet the White House had been bombed, the stock market took a quick and significant nose dive.
"Recently, security researchers say the group has also started to engage in more sophisticated attacks, including using Trojans and and targeting Voice over IP (VOIP) services."
"The Washington Post Web site was hacked today, with readers on certain stories being redirected to the site of the Syrian Electronic Army. The group is a hacker collective that supports Syrian President Bashar al-Assad. The Post is working to resolve the issue," the note said.
Yesterday The New York Times website went down for several hours, though the paper said it was related to a system outage and not hacking.
Looks like it wasn't just the website. Newsroom employees were subjected to a sophisticated phishing attack and one staff writer's personal account ended up being used to send out a Syrian Electronic Army message, Washington Post Managing Editor Emilio Garcia-Ruiz says in an emailed statement:
"A few days ago, Post newsroom employees were subjected to a sophisticated phishing attack, allegedly by the Syrian Electronic Army, which attempted to gain password information. The attack resulted in one staff writers' personal account being used to send out a Syrian Electronic Army message. This morning, some articles on our web site were re-directed to the Syrian Electronic Army's site for a period of about 30 minutes. The Syrian Electronic Army, in a Tweet, claimed they gained access to elements of our site by hacking one of our business partners, Outbrain. We have taken defensive measures and removed the offending module. At this time, we believe there are no other issues affecting the site."
Mashable reports it may have been the hacking of content recommendation service Outbrain that led to the Washington Post hack. Garcia-Ruiz told Mashable that the SEA "claimed they gained access to elements of our site by hacking one of our business partners, Outbrain.
Update 4:00pm
The Washington Post has put up a few posts explaining the hack and confirming it originated from the Outbrain hack.
"The Syrian Electronic Army’s attack against The Washington Post succeeded because of a vulnerability in Outbrain, a third-party content recommendation service. Outbrain works by embedding a widget on websites filled with sponsored links, and it seems as though once the SEA had hacked Outbrain, that gave them access to redirect readers on certain pages to SEA-controlled sites."
The Post also posted an explainer on what the Syrian Electronic Army is: A group of computer hackers who support embattled Assad and initially emerged in April 2011 during the rise of anti-regime protests in Syria.
"While Assad has a background in computing, and once explicitly referenced his 'electronic army,' the group’s formal ties to the administration are unclear. The quality of their attacks suggest that the SEA includes both professional quality hackers, who might be receiving some form of compensation, and young volunteers who believe in the regime," Washington Post technology reporter Andrea Peterson reports.
While their attacks have been mostly harmless, the group is getting more serious Peterson writes, noting that when they hacked the AP's Twitter account to tweet the White House had been bombed, the stock market took a quick and significant nose dive.
"Recently, security researchers say the group has also started to engage in more sophisticated attacks, including using Trojans and and targeting Voice over IP (VOIP) services."
Categories:
0 comments:
Post a Comment