4/29/2013
08:58 AM

Syrian Hacktivists Hit Guardian Twitter Feeds

Pro-Assad hacktivist group takes over 11 Twitter feeds belonging to British news group, decries "lies and slander about Syria."

The Syrian Electronic Army (SEA) announced Sunday that it took over 11 Twitter feeds belonging to Britain's Guardian newspaper, including its book, film, photography and travel feeds, as well as multiple journalists' accounts. It also posted passwords -- composed of 15 randomized characters -- it claimed were for four of the compromised accounts.

By Monday, many of the accounts were suspended by Twitter, although SEA appeared to still be compromising additional accounts, including the Guardian's business feed. "Follow the Syrian Electronic Army ... Follow the truth!" read a message posted to some compromised Twitter accounts.

"We are aware that a number of Guardian Twitter accounts have been compromised and we are working actively to resolve this," said a Guardian News & Media spokeswoman via email. She declined to comment on how the accounts had been compromised.

The SEA said the disruptions were made to protest the newspaper's "lies and slander about Syria," according to a statement posted to the group's website. Some accounts also had their profiles changed to display a graphic of an eagle bearing the flag of the Syrian Arab Republic, a symbol used by parties loyal to the current Syrian regime, which is led by President Bashar al-Assad and the Ba'ath Party.

A two-year civil war in Syria has claimed an estimated 70,000 lives to date. The White House in recent days said that U.S. intelligence reports have suggested that the nerve agent sarin may have been used on a "small scale" by Assad supporters against their opponents, reported the Guardian.

The SEA has previously attacked news organizations -- including the BBC and Qatari-backed al-Jazeera TV -- over coverage that the group deemed to be unfavorable to the current Assad regime. Tuesday, notably, the SEA posted a hoax tweet via an Associated Press Twitter feed saying that President Obama had been injured in explosions at the White House. The tweet has been blamed for triggering a temporary downturn in the stock market.

The AP has yet to confirm how its Twitter accounts were compromised, although some news reports said that an SEA-conducted phishing campaign was responsible. Security experts, however, have said that the group has employed a variety of account-takeover tactics. "In many cases, the SEA carries out their attacks in a manner that is difficult to detect," said Ted Ross, the executive technologist at HP Security's Office of Advanced Technology, in a recent blog post rounding up what's known about the Syrian Electronic Army.

The group's tactics also continue to evolve. "The SEA has kind of shifted from actively defacing websites they perceive hostile to the Syrian regime to mostly compromising Twitter accounts of media organizations," Helmi Noman, a senior researcher at Toronto University's Citizen Lab, told NBC News.

The AP account compromise led to reports that Twitter is now testing a two-factor authentication system internally, which it plans to roll out at an unspecified date. But security experts have warned that such a system still wouldn't protect Twitter users from having their accounts compromised via malware or phishing attacks.

The SEA has recently been engaging in a cat-and-mouse game with Twitter, which has been suspending the group's own accounts -- recently named "@Official_SEA" followed by a number -- almost as quickly as they've been used to boast of compromised targets.

That level of account churn has left the Syrian Electronic Army vulnerable to its opponents. "The Syrian Electronic Army use to be Pro-Assad, since he used chemical weapons against our brothers and sisters, no more, Assad is a Ass!" read a Saturday tweet from the @Official_SEA7 account. "OK so you need to unfollow @SEA_Official8 and @SEA_Official7, the correct one is @Official_SEA7."

But a message posted Monday to @Official_SEA12 -- an account registered late Sunday and cross-referenced from the SEA's own website -- said that @Official_SEA7 was "a fake account."
