Friday, May 10, 2013

Details Emerge About Syrian Electronic Army’s Recent Exploits

At The Onion it’s all fun and games, except when the company’s Twitter account gets hacked.

This week, after the parody site became the latest publication to have its Twitter account hacked by the Syrian Electronic Army, The Onion struck a more serious note, explaining in a detailed blog post how the company’s account was hacked, and warning others how to avoid the exploit.

In the blog post, Onion engineers explained that the company’s Twitter account was hacked using a basic phishing exploit, where a false e-mail redirected people to a fake Web site which then asked for Google Apps credentials.

“At least one Onion employee fell for this phase of the phishing attack,” the company said.

Exposing details about an attack is not the normal approach companies take after they are hacked. The New York Times revealed earlier this year how Chinese hackers breached its systems, but that was an anomaly. Most companies fear what such disclosures will do to their reputations, or their stock price.

The Associated Press, for example, has remained silent after its Twitter account was hijacked and a fake message was posted about explosions at the White House.

In recent attacks on The A.P., Human Rights Watch, and The Onion, the group used sophisticated “spearphishing” attacks to break into each organization. Employees received similarly worded e-mails, asking them to click on a fake news article that then redirected them to a fake Google Mail or Microsoft Webmail site where they were asked to re-enter their username and password.

The hackers used the employees’ login credentials to send e-mails to other employees from their inboxes until they found people with access to the organization’s social media accounts. Once inside those people’s inboxes, the hackers reset their Twitter passwords, giving the hackers exclusive access to the account until Twitter could suspend it. In the case of The A.P., a single Tweet was sufficient to nearly crash the stock market.

One hacker, who identifies himself only by his hacker handle Th3 Pr0, said the group attacked The A.P. because the Syrian Electronic Army believed the United States was “supporting the terrorist groups in Syria” and because the United States had seized its Web domains. Th3 Pr0 said the group was able to trick more than 50 A.P. employees into clicking on its malicious link, including a handful of the organization’s social media editors. Th3 Pr0 sent The New York Times several screenshots taken during the A.P. attack to prove the Syrian Electronic Army, or S.E.A., was behind it.

Security researchers tracking the hackers also confirmed the group was responsible. According to forensics reports, several recent Twitter hacks by the group, including an attack on Human Rights Watch last March and The Onion this week, were orchestrated from the same Internet addresses in Russia. But they believe those addresses are a proxy that masks the true origin of the attacks, which, they say, is in Syria.

“From examining the details of this incident, as well as those affecting The A.P., Guardian and others, it’s clear that the S.E.A. is not using complex methods of attack,” The Onion’s tech team wrote. “All of the hacks so far have been a result of simple phishing, or possibly dictionary attacks — all of which are preventable with a few simple security measures.”

Among the tactics that can be used to ward off attacks, the engineers note that people should be aware of suspicious links and should set up a Twitter account on an e-mail address different from the one belonging to their organization.

But The Onion has also managed to have a little fun at its own expense this week, posting a satirical article on its hacking, titled “Onion Twitter Password Changed To OnionMan77: ‘That Ought To Do It,’ Company Sources Confirm.” Then it posted another piece making fun of the hackers.