4/29/2013
08:58 AM

Syrian Hacktivists Hit Guardian Twitter Feeds

Pro-Assad hacktivist group takes over 11 Twitter feeds belonging to British news group, decries "lies and slander about Syria."

The Syrian Electronic Army (SEA) announced Sunday that it took over 11 Twitter feeds belonging to Britain's Guardian newspaper, including its book, film, photography and travel feeds, as well as multiple journalists' accounts. It also posted passwords -- composed of 15 randomized characters -- it claimed were for four of the compromised accounts.

By Monday, many of the accounts were suspended by Twitter, although SEA appeared to still be compromising additional accounts, including the Guardian's business feed. "Follow the Syrian Electronic Army ... Follow the truth!" read a message posted to some compromised Twitter accounts.

"We are aware that a number of Guardian Twitter accounts have been compromised and we are working actively to resolve this," said a Guardian News & Media spokeswoman via email. She declined to comment on how the accounts had been compromised.

The SEA said the disruptions were made to protest the newspaper's "lies and slander about Syria," according to a statement posted to the group's website. Some accounts also had their profiles changed to display a graphic of an eagle bearing the flag of the Syrian Arab Republic, which is used by parties loyal to the current Syrian regime led by President Bashar al-Assad and the Ba'ath Party.

A two-year civil war in Syria has claimed an estimated 70,000 lives to date. The White House in recent days said that U.S. intelligence reports have suggested that the nerve agent sarin may have been used on a "small scale" by Assad supporters against their opponents, reported the Guardian.

The SEA has previously attacked news organizations -- including the BBC and Qatari-backed al-Jazeera TV -- over coverage that the group deemed to be unfavorable to the current Assad regime. Tuesday, notably, the SEA posted a hoax tweet via an Associated Press Twitter feed saying that President Obama had been injured in explosions at the White House. The tweet has been blamed for triggering a temporary downturn in the stock market.

The AP has yet to confirm how its Twitter accounts were compromised, although some news reports said that an SEA-conducted phishing campaign was responsible. Security experts, however, have said that the group has employed a variety of account-takeover tactics. "In many cases, the SEA carries out their attacks in a manner that is difficult to detect," said Ted Ross, the executive technologist at HP Security's Office of Advanced Technology, in a recent blog post rounding up what's known about the Syrian Electronic Army.

The group's tactics also continue to evolve. "The SEA has kind of shifted from actively defacing websites they perceive hostile to the Syrian regime to mostly compromising Twitter accounts of media organizations," Helmi Noman, a senior researcher at Toronto University's Citizen Lab, told NBC News.

The AP account compromise led to reports that Twitter is now testing a two-factor authentication system internally, which it plans to roll out at an unspecified date. But security experts have warned that such a system still wouldn't protect Twitter users from having their accounts compromised via malware or phishing attacks.

The SEA has recently been engaging in a cat-and-mouse game with Twitter, which has been suspending the group's own accounts -- recently named "@Official_SEA" followed by a number -- almost as quickly as they've been used to boast of compromised targets.

That level of account churn has left the Syrian Electronic Army vulnerable to its opponents. "The Syrian Electronic Army use to be Pro-Assad, since he used chemical weapons against our brothers and sisters, no more, Assad is a Ass!" read a Saturday tweet from the @Official_SEA7 account. "OK so you need to unfollow @SEA_Official8 and @SEA_Official7, the correct one is @Official_SEA7."

But a message posted Monday to @Official_SEA12 -- an account registered late Sunday and cross-referenced from the SEA's own website -- said that @Official_SEA7 was "a fake account."
