Syrian Electronic Army claims responsibility for Washington Post hack

By on August 15, 2013, 4:00 PM
hacking, phishing, washington post, syrian electronic army, sea

The Washington Post’s website was hacked Thursday morning by a group that is sympathetic to Syrian President Bashar al-Assad. The publication was compromised for roughly half an hour, sending some users to the hackers’ website when they clicked on foreign-news stories.

Members of the hacker collective known as the Syrian Electronic Army (SEA) claimed responsibility for the attack via Twitter. They were able to gain access to the site’s backend through a staff writer’s computer that had fallen victim to a sophisticated phishing attempt according to managing editor Emilio Garcia-Ruiz.

Earlier this week, the person or persons behind the attack sent e-mails to Washington Post inboxes that appeared to originate from other Post colleagues. The messages contained a link that instructed recipients to provide log-in data. It appears that at least one Post writer fell for the scam, giving the hacker group the necessary login credentials to launch today’s attack.

In the tweet published this morning, the SEA also claimed to have hacked CNN and Time magazine collectively through ad network Outbrain. True enough, Outbrain said in a tweet of their own that they were having a problem with their network earlier today.

The SEA has claimed responsibility for a number of high profile hacks this year. In April, the group successfully hijacked the Associated Press’ Twitter account and published a message claiming the White House was under attack and the president had been injured. Just last month, they managed to hack into a backup database belonging to popular video and text messaging app Tango. It was believed at the time that as much as 1.5TB of data was compromised in the attack.




User Comments: 6

Got something to say? Post a comment
howzz1854 said:

......................

Guest said:

Lets give these script kiddies a cookie for hacking a website.

The SEA are anything, but script kiddies.

Guest said:

They got access through phishing. I have no idea how capable these guys are but phishing is not hard at all. Especially when you're doing it in the way these guys did. They basically through a cast net out and hoped to catch at least just one fish. Shit you don't even have to know how to cast a net effectively and you'll still probably catch something. Just as these guys did this in probably the easiest way possible. You, me, and a lot of people could probably do the same without learning much programming at all. This is not impressive regardless of what these people may or not be capable of.

Guest said:

I take that back. You might have to learn some BASIC html in order to change link targets. Still, html is pretty simple for what these guys did.

Guest said:

For example, this was taken directly from this page's source:

<base href="http://www.techspot.com/community/" /><script>

var _b = document.getElementsByTagName('base')[0], _bH = "http://www.techspot.com/community/";

if (_b && _b.href != _bH) _b.href = _bH;

</script>

If I had access guess what? I would just change that actual community link to my own website too! It's like magic but you already know what's happening!

Tygerstrike said:

Really these guys are targetting newspapers?? They really are not that bright. We all know our media "spoonfeeds" us the information THEY deem important. So we tend to in general ignore what we see comming from a news outlet. We prefer to use the web. Less censoring. This may have been an attack to just see if they could do it. Reality is though they will have to work a LOT harder to get into the systems we would worry about.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.