Hasta La Gadget!

Over the last several weeks the Syrian Electronic Army has made a nuisance of itself (again), serving as a sort of annoying prankster who is repeatedly ordered to go stand in the corner. The organization is reportedly responsible for quite a number of hacks, with The Onion having been one of its unlucky victims. The humor website pinpointed the source of its infiltration and has revealed precisely how it happened, adding in a few pieces of advice for other media outlets to help combat the attacks.

Last month, the Syrian Electronic Army claimed credit for a few different compromised accounts. On April 21, the organization said it was responsible for the hacking of several CBS Twitter accounts, and a week later it went after The Guardian’s Twitter accounts, sending out tweets in its own favor. It didn’t take long for another compromised account to surface, this time being E! Online’s Twitter account, where the hackers spread false information about singer Justin Bieber before proclaiming in another tweet that fans had been trolled.

Its latest target was The Onion, which was digitally infiltrated this past Monday by the SEA, something that was originally suspected to be a joke given the nature of the company. That notion was laid to rest on Wednesday when The Onion posted a series of screenshots and URLs detailing precisely how the organization compromised its Twitter account, revealing that the hack – as with previous ones – had been accomplished via a few different phishing methods.

The attack was initiated via emails sent to The Onion employees containing a link that, with a quick glance, appeared to be from The Washington Post on content about The Onion. When clicked, however, the link took the recipient to the URL “hackwordpresssite.com/theonion.php,” which then redirected again to one requesting Google App login information, after which point it took the victim full circle back to Gmail. Only a few employees received the emails, and at least one was fooled by it, resulting in the second phase of the attack.

Using the employee’s compromised email, the SEA sent messages to other The Onion employees early in the morning containing another link that again requested Google login information. Of those targeted, one of the individuals who fell for it had the login information for The Onion’s social media accounts, including Twitter.

The Onion notified employees of the breech and sent emails instructing workers to reset their passwords, unaware that one of their accounts was still compromised. Via that account, the SEA sent an email to all but those involved in the IT department with a link said to be a password-reset URL. A couple people fell for the second link, with both of their accounts then being used by the hackers to take control of The Onion’s Twitter account. Because of this, the company required all Google Apps passwords to be reset company wide, but not before posting a humorous jab at the SEA.

In summary, The Onion advises other media companies to avoid such attacks by taking such steps as employee education on phishing, isolating social media account logins, feeding tweets through a third-party application, and having access to all employees outside of corporate email accounts.

SOURCE: The Onion

The Onion pegs Syrian Electronic Army hacks on phishing schemes is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

The Syrian Electronic Army strikes again, and this time, their target was both E! Online and Justin Bieber. In a series of tweets, the SEA stated that Justin Bieber was coming out of the closet and admitting to his homosexuality in an E! Online exclusive. The group provided links following those tweets, presumably to malware infested sites. The SEA finished up their practical joke with the tweet, “The Syrian Electronic Army was here! Fans of @justinbieber, you have been trolled.”

The fake tweets resulted in a huge wave of responses from Justin Bieber’s followers. Many were shocked, many were “not surprised”, and many were indifferent. Hacking E! Online is a strange change of pace for the Syrian Electronic Army, who normally goes after news publications and human rights organizations. But its attack was foreshadowed with a recent tweet dated May 1st that said, “The next target will be different…”

E! Online is the latest victim in the Syrian Electronic Army’s attacks, but it most certainly isn’t the last. Twitter knows that as well, and has informed everyone to make sure their password is complicated and secure, and that news publications keep their passwords out of their emails. Twitter recently went to battle with the SEA by deleting their Twitter accounts, but seeing as Official_SEA12 is still up, Twitter probably assumed their attempts were futile.

Twitter is also in the process of developing a two-factor authentication system that should dramatically reduce the amount of account hacks, but the company has yet to reveal a launch date for the service. The SEA has already targeted many other accounts, such as several of CBS’s accounts, BBC’s accounts, NPR’s accounts, The Guardian’s accounts, and many more. It won’t be too long now before another group is added onto the list.

[via Business Insider]

Syrian Electronic Army takes over E! Online’s Twitter Account is written by Brian Sin & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

When hackers do cyber-battle, there isn’t much to see. Maybe you’ll wind up on a crashed website, but the real carnage is happening behind the scenes, perpetrated by a diffuse army of computers a world away. This is what it looks like. More »

The Associated Press’s Twitter account was hacked today after a tweet was sent out from the account that read, “Breaking: Two Explosions in the White House and Barack Obama is injured.” The Associated Press responded shortly after saying that its Twitter account had been compromised, and now the account has been suspended, but it should be back up shortly after Twitter and the AP resolve the issue.

The fake tweet was noticed by the AP fairly quickly, and several of their other Twitter accounts tweeted out that the hacked AP tweet was indeed bogus. However, many people were quick to shoot down the claim anyway, since the tweet wasn’t in AP style formatting in the first place, and no other mainstream news outlets were reporting on it.

The AP always puts “breaking” in all caps in their tweets, and they also use a service called SocialFlow to publish their tweets, whereas the fake tweet was sent out through the “web,” meaning it was sent through Twitter’s website rather than a third-party service like SocialFlow. Plus, the tweet was in title case, which the AP and other news sources never use.

In the end, it took only three minutes for the fake tweet to be officially denied by the AP, with the account being suspended just four minutes later. This is quite a fast response, but we shouldn’t expect nothing less of a news source like the AP, who is constantly keeping an eye on their social media feeds.

[via The Next Web]

AP Twitter account hacked with fake White House explosion claim is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

After the Syrian Electronic Army took over several of CBS’s Twitter accounts recently, Twitter has focused its priorities on taking the hackers down, well at least their Twitter accounts. Twitter proceeded to shut down the SEA’s official Twitter account, and the hackers responded by creating another Twitter account named @Official_SEA. This quickly led to a back-and-forth ban/account-creation battle between the two entities.

At this point, the Syrian Electronic Army is up to their 6th alternative account, which has yet to be banned. However, the SEA didn’t stop just there. With their current Twitter account, they tweeted an image of a data dump that contained personal information belonging to Joseph “Sepp” Blatter, the President of FIFA, the international governing body of football. Blatter’s email address, phone number and fax number were all leaked.

Not only did they leak his personal information, the SEA made claims that it was the group that had hacked into Blatter and the FIFA World Cup’s Twitter accounts. On those accounts, the group released tweets saying that Blatter conspired with Qatar against the Syrian football team. Other tweets said that Blatter took bribes, and that he was going to step down from his position due to corruption charges.

A few days ago, the SEA hacked into several of CBS’s Twitter accounts, including its accounts for 60 Minutes, 48 Hours, and CBSDenver. The hackers tweeted things associated with President Obama and the U.S. being in bed with Al-Qaeda. The group is also responsible for hacking 3 of BBC’s Twitter accounts, NPR’s Twitter accounts, the website/Twitter account belonging to the Human Rights Watch and more. Many security officials have asked Twitter to implement a two-factor authentication system into its service to keep hackers like the SEA at bay.

[via Information Week]

Twitter and Syrian Electronic Army go to battle is written by Brian Sin & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.