Syrian Electronic Army Returns With Newspaper Hack

Tom Jowitt,

The pro-Assad hacker group SEA strikes back with a hack against a number of Western media websites

The Syrian Electronic Army (SEA), the Syrian and pro-Assad hacking collective, has returned with a new offensive after something of a quiet period.

Its latest hack has compromised the websites of a number of Western media companies, as well as a number of other targets.

SEA Hack

The SEA hack is known to have affected the websites of the Independent, the Daily Telegraph, OK magazine, the London Evening Standard, as well as the New York Daily News and a number of other western media companies. The SEA hack also compromised the Canadian unit of American retailer Wal-Mart, as well as the National Hockey League in the United States.

Syrian Electronic ArmySome visitors to these websites were reportedly presented with a Javascript popup that read: “You’ve been hacked by the Syrian Electronic Army (SEA).” Some users were then redirected to the SEA’s logo, an image of an eagle bearing the Syrian flag and a message in Arabic.

The SEA confirmed the hack when it posted on its Twitter feed a thanksgiving message to the United States. “Happy thanks giving, hope you didn’t miss us! The press: Please don’t pretend #ISIS are civilians. #SEA”

So how was the group able to penerate so many targets? Well, it seems that once again, the group apparently exploited a fault with a content delivery network (CDN). In June this year the group defaced a piece of Reuters’ website by targeting the ad network supplying adverts for the news network.

The finger of blame has been pointed at Gigya’s CDN that businesses use to help identify who visits their websites. The SEA reportedly accessed the GoDaddy account of gigya.com. Gigya said a breach at its domain registrar, GoDaddy, resulted in traffic to its site being redirected, but that the problem had since been fixed.

“An initial inquiry has revealed that there was a breach at our domain registrar that resulted in the WHOIS record of gigya.com being modified to point to a different DNS server,” blogged Gigya CEO Patrick Salyer.

High Profile Attacks

“That DNS server had been configured to point Gigya’s CDN domain (cdn.gigya.com) to a server controlled by the hackers, where they served a file called “socialize.js” with an alert claiming that the site had been hacked by the Syrian Electronic Army,” he wrote. “To be absolutely clear: neither Gigya’s platform itself nor any user, administrator or operational data has been compromised and was never at risk of being compromised.”

The SEA has made a name for itself by attacking high profile targets in the past couple of years.

The group has sympathies for the Bashar al-Assad regime in Syria. Previous targets include the Guardian, CNN, the Washington Post, and Reuters.

How well do you know network security? Try our quiz and find out!