Syrian Electronic Army Targets Reuters Via Ad Network

Thomas Brewster,

Many more could be in danger as popular ad network hacked, says researcher

The Syrian Electronic Army hacking collective has returned to deface a piece of Reuters’ website by targeting the ad network supplying adverts for the news network.

Anyone who visited a news story entitled ‘Attack from Syria kills teen on Israeli-occupied Golan, Israel says’ would have been redirected to a site owned by the Syrian Electronic Army.

That page would call for the end of “fake reports and false stories about Syria”, claiming the UK government was supporting “terrorists in Syria to destroy it”.

Ad network compromised by Syrian Electronic Army

Syrian uprising vector © Memi - FotoliaA New York-based advertising network Taboola, which was serving code on the Reuters website, was hacked by SEA and that’s how the group could redirect visitors, said security researcher Frederic Jacobs.

“It is still unclear how Taboola was compromised but given SEA’s track record, phishing would be my first guess,” Jacobs said in a post on Medium.

He suspected the Syrian Electronic Army used Google phishing templates to trick users into giving up their passwords for Google Apps.

Jacobs also believes SEA could do much more damage if they still control Taboola systems.

“By compromising Taboola, the value of the compromise is significantly higher than just compromising Reuters,” he added.

“Taboola has 350 million unique users and has partnerships with world’s biggest news sites including Yahoo!, the BBC, Fox News, the New York Times… Any of Taboola’s clients can be compromised anytime now.”

In a blog post, Taboola CEO Adam Singolda admitted to the breach, saying it was detected at approximately 7:25am and fully removed at 8am. “There is no further suspicious activity across our network since, and the total duration of the event was 60 minutes.

“While we use 2-step authentication, our initial investigation shows the attack was enabled through a phishing mechanism. We immediately changed all access passwords, and will continue to investigate this over the next 24 hours.”

The Syrian Electronic Army also posted an image that appeared to show it had compromised Taboola’s PayPal account. The company had not responded to a request for further information on the breach.

Concerned users have been recommended to use tools like Disconnect that can stop ads running on their computer, as this would prevent the malicious code from running.

Reuters and various other publications have been hacked by the Syrian Electronic Army, which has sympathies for the Bashar al-Assad regime, over the last year.

How well do you know network security? Try our quiz and find out!