Within days of the New York Times website suffering an outage which was widely reported as being down to another cyber attack, although the NYT itself insists it was actually an internal issue following system maintenance, media sites belonging to CNN, Time and the Washington Post have been attacked by the Syrian Electronic Army (SRA) in support of President Bashar al-Assad. All three sites concerned apparently used a single link recommendation service called Outbrain, and it seems that a social engineering attack there led to the successful breach.
Outbrain announced yesterday that "we have fully secured the network and resumed service. If you have additional questions about the incident, please do not hesitate to contact us" and stated that it would be "compiling a fuller brief on the episode to share with anyone who would like more information. If you want to receive the brief, please email publishersupport@outbrain.com".
The Washington Post has apparently also come under attack using targeted social engineering and advanced phishing tactics earlier in the week, before the Outbrain plug-in breach, and the SEA had some success in compromising account password security. Managing Editor Emilio Garcia-Ruiz admits "the attack resulted in one staff writer’s personal Twitter account being used to send out a Syrian Electronic Army message." The SEA have had quite some success in compromising the social media accounts of the media, with the New York Post also seeing Facebook and Twitter accounts posting similar messages.
Darien Kindlund, Threat Intelligence Manager at security vendor FireEye notes that the Syrian Electronic Army is "a prolific hacker group loyal to Syrian President Bashar al-Assad. Its campaign began in mid-2011, and includes DDoS attacks, phishing, pro-Assad defacements and spamming against governments, online services, and media that are perceived hostile to the Syrian government".
Barry Shteiman, Senior Security Strategist at another security outfit, Imperva, points out that “it makes a lot of sense for a hacktivist group that wishes to display their message and show that they exist to go after high end media. They have been actively hacking Twitter accounts of news sites and have recently escalated to hacking into the websites themselves to create awareness".