Categories: SecurityWorkspace

Syrian Electronic Army Targets Reuters Via Ad Network

The Syrian Electronic Army hacking collective has returned to deface a piece of Reuters’ website by targeting the ad network supplying adverts for the news network.

Anyone who visited a news story entitled ‘Attack from Syria kills teen on Israeli-occupied Golan, Israel says’ would have been redirected to a site owned by the Syrian Electronic Army.

That page would call for the end of “fake reports and false stories about Syria”, claiming the UK government was supporting “terrorists in Syria to destroy it”.

Ad network compromised by Syrian Electronic Army

A New York-based advertising network Taboola, which was serving code on the Reuters website, was hacked by SEA and that’s how the group could redirect visitors, said security researcher Frederic Jacobs.

“It is still unclear how Taboola was compromised but given SEA’s track record, phishing would be my first guess,” Jacobs said in a post on Medium.

He suspected the Syrian Electronic Army used Google phishing templates to trick users into giving up their passwords for Google Apps.

Jacobs also believes SEA could do much more damage if they still control Taboola systems.

“By compromising Taboola, the value of the compromise is significantly higher than just compromising Reuters,” he added.

“Taboola has 350 million unique users and has partnerships with world’s biggest news sites including Yahoo!, the BBC, Fox News, the New York Times… Any of Taboola’s clients can be compromised anytime now.”

In a blog post, Taboola CEO Adam Singolda admitted to the breach, saying it was detected at approximately 7:25am and fully removed at 8am. “There is no further suspicious activity across our network since, and the total duration of the event was 60 minutes.

“While we use 2-step authentication, our initial investigation shows the attack was enabled through a phishing mechanism. We immediately changed all access passwords, and will continue to investigate this over the next 24 hours.”

The Syrian Electronic Army also posted an image that appeared to show it had compromised Taboola’s PayPal account. The company had not responded to a request for further information on the breach.

Concerned users have been recommended to use tools like Disconnect that can stop ads running on their computer, as this would prevent the malicious code from running.

Reuters and various other publications have been hacked by the Syrian Electronic Army, which has sympathies for the Bashar al-Assad regime, over the last year.

How well do you know network security? Try our quiz and find out!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

UN Body To Protect Subsea Cables Holds First Meeting

United Nations body to protect undersea communications cables that are crucial for international trade and…

17 hours ago

Meta Donates $1 Million To Donald Trump Inauguration Fund

Weeks after CEO Mark Zuckerberg met with Donald Trump privately at Mar-a-Lago, comes news of…

18 hours ago

US To Raise Tariffs On Chinese Solar Wafers, Polysilicon, Tungsten

Protecting American clean energy businesses. Biden administration plans to raise tariffs on certain Chinese products

19 hours ago

Australia To ‘Charge’ Tech Firms For News Content, After Meta Ends Licensing Deal

News fee. Australia looks introduce mandatory charge on social media platforms and search engines to…

20 hours ago