Washington Post, CNN and Time websites hit by pro-Assad hackers
By Dave Lee
Websites belonging to the Washington Post, CNN, and Time magazine have been attacked by supporters of Syrian President Bashar al-Assad.
Some links on the sites redirected readers to the website of the Syrian Electronic Army (SEA).
The breach was the result of a security failure at a firm which provides a link recommendation service that all three sites used.
Outbrain said its staff had fallen victim to a spoof email.
The SEA has hit several media companies in recent months, most frequently by hijacking their social media accounts.
But in this attack the group managed to go one step further by manipulating the links that appeared on the media groups’ own webpages.
Shortly after the attack became apparent the New York-based firm powering those links blogged: “We are aware that Outbrain was hacked earlier today and we took down service as soon as it was apparent.”
Outbrain resumed its service about seven hours later.
CNN told the BBC: “The security of a vendor plug-in that appeared on CNNi.com was briefly compromised today.
“The issue was quickly identified and plug-in disabled. Neither CNN.com nor CNNi.com were penetrated directly.”
The Washington Post’s managing editor Emilio Garcia-Ruiz later said that this was not thought to be the SEA’s only attack on his newspaper this week.
“A few days ago, the Syrian Electronic Army, allegedly, subjected Post newsroom employees to a sophisticated phishing attack to gain password information,” he wrote.
“The attack resulted in one staff writer’s personal Twitter account being used to send out a Syrian Electronic Army message.
“For 30 minutes this morning, some articles on our web site were redirected to the Syrian Electronic Army’s site. The Syrian Electronic Army, in a tweet, claimed they gained access to elements of our site by hacking one of our business partners, Outbrain. Read more in the BBC.