Hackers breach Outbrain feeds to spread their message across major media websites
The Syrian Electronic Army has found another avenue to attack Western media organisations, breaching a content partner of the Washington Post, Time, CNN and others to spread the pro-President Bashar al-Assad message.
Outbrain provides feeds of relevant links to content across the Internet within other web pages [including those of TechWeekEurope]. The Syrian Electronic Army breached it and used the Outbrain system to post its own selection of links in the Outbrain widget on the massively popular US sites.
Syrian Electronic Army claims more victims
To get into Outbrain in the first place, the hackers used typical spear phishing techniques, sending out emails to Outbrain staff that appeared to come from the CEO. Workers were tricked into handing over login credentials, which were used to access Outbrain systems and change content.
The attackers placed messages in the Outbrain feeds, which claimed the relevant site had been “hacked by SEA”.
Washington Post managing editor Emilio Garcia-Ruiz said the Syrian Electronic Army had also targeted the paper itself with spear phishing emails, and had hijacked a staff writer’s personal Twitter account.
“For 30 minutes this morning, some articles on our website were redirected to the Syrian Electronic Army’s site,” he explained.
Outbrain said it had resolved the issue, and Garcia-Ruiz said the Washington Post had “taken defensive measures and removed the offending module”.
The Syrian Electronic Army has been busy of late, taking over the New York Post Twitter and Facebook accounts, as well as social media profiles of journalists.
The group hacked Channel 4 presenter Jon Snow’s blog earlier this month, posting fake stories about nuclear bombs going off in Syria.
What do you know about Internet security? Find out with our quiz!