Syrian Electronic Army claims responsibility for Washington Post hack

Shawn Knight

Posts: 15,254   +192
Staff member

washington post site hacked syrian electronic army

The Washington Post’s website was hacked Thursday morning by a group that is sympathetic to Syrian President Bashar al-Assad. The publication was compromised for roughly half an hour, sending some users to the hackers’ website when they clicked on foreign-news stories.

Members of the hacker collective known as the Syrian Electronic Army (SEA) claimed responsibility for the attack via Twitter. They were able to gain access to the site’s backend through a staff writer’s computer that had fallen victim to a sophisticated phishing attempt according to managing editor Emilio Garcia-Ruiz.

Earlier this week, the person or persons behind the attack sent e-mails to Washington Post inboxes that appeared to originate from other Post colleagues. The messages contained a link that instructed recipients to provide log-in data. It appears that at least one Post writer fell for the scam, giving the hacker group the necessary login credentials to launch today’s attack.

In the tweet published this morning, the SEA also claimed to have hacked CNN and Time magazine collectively through ad network Outbrain. True enough, Outbrain said in a tweet of their own that they were having a problem with their network earlier today.

The SEA has claimed responsibility for a number of high profile hacks this year. In April, the group successfully hijacked the Associated Press’ Twitter account and published a message claiming the White House was under attack and the president had been injured. Just last month, they managed to hack into a backup database belonging to popular video and text messaging app Tango. It was believed at the time that as much as 1.5TB of data was compromised in the attack.

Permalink to story.

 
They got access through phishing. I have no idea how capable these guys are but phishing is not hard at all. Especially when you're doing it in the way these guys did. They basically through a cast net out and hoped to catch at least just one fish. **** you don't even have to know how to cast a net effectively and you'll still probably catch something. Just as these guys did this in probably the easiest way possible. You, me, and a lot of people could probably do the same without learning much programming at all. This is not impressive regardless of what these people may or not be capable of.
 
I take that back. You might have to learn some BASIC html in order to change link targets. Still, html is pretty simple for what these guys did.
 
For example, this was taken directly from this page's source:

<base href="https://www.techspot.com/community/" /><script>
var _b = document.getElementsByTagName('base')[0], _bH = "https://www.techspot.com/community/";
if (_b && _b.href != _bH) _b.href = _bH;
</script>

If I had access guess what? I would just change that actual community link to my own website too! It's like magic but you already know what's happening!
 
Really these guys are targetting newspapers?? They really are not that bright. We all know our media "spoonfeeds" us the information THEY deem important. So we tend to in general ignore what we see comming from a news outlet. We prefer to use the web. Less censoring. This may have been an attack to just see if they could do it. Reality is though they will have to work a LOT harder to get into the systems we would worry about.
 
Back