The Washington Post’s website was hacked Thursday morning by a group that is sympathetic to Syrian President Bashar al-Assad. The publication was compromised for roughly half an hour, sending some users to the hackers’ website when they clicked on foreign-news stories.
Members of the hacker collective known as the Syrian Electronic Army (SEA) claimed responsibility for the attack via Twitter. They were able to gain access to the site’s backend through a staff writer’s computer that had fallen victim to a sophisticated phishing attempt according to managing editor Emilio Garcia-Ruiz.
Earlier this week, the person or persons behind the attack sent e-mails to Washington Post inboxes that appeared to originate from other Post colleagues. The messages contained a link that instructed recipients to provide log-in data. It appears that at least one Post writer fell for the scam, giving the hacker group the necessary login credentials to launch today’s attack.
In the tweet published this morning, the SEA also claimed to have hacked CNN and Time magazine collectively through ad network Outbrain. True enough, Outbrain said in a tweet of their own that they were having a problem with their network earlier today.
The SEA has claimed responsibility for a number of high profile hacks this year. In April, the group successfully hijacked the Associated Press’ Twitter account and published a message claiming the White House was under attack and the president had been injured. Just last month, they managed to hack into a backup database belonging to popular video and text messaging app Tango. It was believed at the time that as much as 1.5TB of data was compromised in the attack.