The New York Times, Twitter and The Huffington Post UK were all targeted by the Syrian Electronic Army (SEA) last night.
The incident was the latest in a series targeting Western media sites but was described as being far more serious and sophisticated than previous hacks. A couple of our clients have shared their thoughts and research.
Jaime Blasco, director at AlienVault Labs, said research showed the new attack had features indicating a secondary purpose: stealing passwords from unwary web users trying to access the news site.
“Hackers who successfully break into MelbourneIT’s systems could potentially redirect and intercept emails sent to addresses under certain domains. Users of sites that don’t begin with ‘https’ could have been fooled into entering passwords that could have been captured.”
The New York Times was one of many sites hit by the SEA. AlienVault has since published a full list of all the sites targeted during the SEA’s latest raid.
Barry Shteiman, senior security strategist at Imperva, explained the hack further:
“Based on available resources, the New York Times hack is in fact a DNS service breach. If you go directly to NYT via their IP Address, the site is up and running. This is unfortunately a validation to a prolonged security problem inherited in the way that companies rely on 3rd public services to conduct their business. While a company like NYT may be able to secure their own platforms, harden their systems and regularly check for vulnerable components on premise – it is a much harder practice when some of that infrastructure is provided by a third party like an ISP or a DNS Hoster.
At some point, CIOs need to realize that critical pieces of their online entities are controlled by vendors and that security policy should apply to them as well.
Companies should create contingency plans, and check the security measurements taken by their 3rd party content and infrastructure providers. A DNS is, unfortunately, a great example.”
He added that the success of these attacks means groups like the SEA will continue to operate in this way. “It makes lots of sense for a Hacktivist group that wishes to display their message and show that they exist – to go after high end media. The Syrian Electronic Army have been actively hacking Twitter accounts of news sites and have recently escalated to hacking into the websites themselves to create awareness. This is, in essence, what Hacktivism is. There is no profit involved; however, making all of us aware of the Syrian rebellion is their goal. The Syrian Electronic Army is very successful in creating the awareness that they are after.”