Washington Post & CNN hacked by Assad supporters
Posted: Thu Aug 15, 2013 11:50 pmBBC News
Websites belonging to the Washington Post, CNN, and Time have been attacked by supporters of Syrian President Bashar al-Assad.
Some links on the sites were redirecting readers to the website of the Syrian Electronic Army (SEA).
The breaches have been blamed on a third-party link recommendation service that all three sites used.
The SEA has hit several media companies in recent months, mostly via social media.
In this attack, the group was able to manipulate links served by content recommendation service Outbrain, which was taken offline.
The firm blogged: "We are aware that Outbrain was hacked earlier today and we took down service as soon as it was apparent.
"The breach now seems to be secured and the hackers blocked out, but we are keeping the service down for a little longer until we can be sure it's safe to turn it back on securely."
CNN told the BBC: "The security of a vendor plug-in that appeared on CNNi.com was briefly compromised today.
"The issue was quickly identified and plug-in disabled. Neither CNN.com nor CNNi.com were penetrated directly."
The Washington Post said it was "working to resolve the issue".
'Dangerous'
Time spokesman Daniel Kile said that while the Outbrain-powered module on Time's pages had been manipulated, the website itself had not been directly affected.
"At this time it does not appear that Time has been hacked," he told the BBC, "but we are looking into it further."
One security expert described the hack as "dangerous".
"This is the kind of technique that hackers use to distribute malware," said Chester Wisniewski, senior security advisor at Sophos.
"In this case it may only be sending you to the Syrian Electronic Army's website but it could also be used to install viruses or copy cookies to try and later impersonate a visitor."
Earlier this week, the SEA also hit the Facebook and Twitter accounts of the New York Post.
On Wednesday the New York Times website went offline but it indicated this was not a hack but rather an "internal issue".
A spokeswoman said: "The outage occurred within seconds of a scheduled maintenance update, which we believe was the cause."
One industry consultant said the media was facing a growing problem.
"It is a reminder that while digital news organisations have lower distribution costs, those of technology and security are greater," said Douglas McCabe from Enders Analysis.
"The technology sophistication required to protect sites is continuously growing. The commercial and editorial implications of down periods during major news events are clearly far-reaching."
http://www.bbc.co.uk/news/technology-23712007
Websites belonging to the Washington Post, CNN, and Time have been attacked by supporters of Syrian President Bashar al-Assad.
Some links on the sites were redirecting readers to the website of the Syrian Electronic Army (SEA).
The breaches have been blamed on a third-party link recommendation service that all three sites used.
The SEA has hit several media companies in recent months, mostly via social media.
In this attack, the group was able to manipulate links served by content recommendation service Outbrain, which was taken offline.
The firm blogged: "We are aware that Outbrain was hacked earlier today and we took down service as soon as it was apparent.
"The breach now seems to be secured and the hackers blocked out, but we are keeping the service down for a little longer until we can be sure it's safe to turn it back on securely."
CNN told the BBC: "The security of a vendor plug-in that appeared on CNNi.com was briefly compromised today.
"The issue was quickly identified and plug-in disabled. Neither CNN.com nor CNNi.com were penetrated directly."
The Washington Post said it was "working to resolve the issue".
'Dangerous'
Time spokesman Daniel Kile said that while the Outbrain-powered module on Time's pages had been manipulated, the website itself had not been directly affected.
"At this time it does not appear that Time has been hacked," he told the BBC, "but we are looking into it further."
One security expert described the hack as "dangerous".
"This is the kind of technique that hackers use to distribute malware," said Chester Wisniewski, senior security advisor at Sophos.
"In this case it may only be sending you to the Syrian Electronic Army's website but it could also be used to install viruses or copy cookies to try and later impersonate a visitor."
Earlier this week, the SEA also hit the Facebook and Twitter accounts of the New York Post.
On Wednesday the New York Times website went offline but it indicated this was not a hack but rather an "internal issue".
A spokeswoman said: "The outage occurred within seconds of a scheduled maintenance update, which we believe was the cause."
One industry consultant said the media was facing a growing problem.
"It is a reminder that while digital news organisations have lower distribution costs, those of technology and security are greater," said Douglas McCabe from Enders Analysis.
"The technology sophistication required to protect sites is continuously growing. The commercial and editorial implications of down periods during major news events are clearly far-reaching."
http://www.bbc.co.uk/news/technology-23712007