Who Is Syrian Electronic Army: 9 Facts

Syrian hackers claim to battle American imperialism, media bias and Angelina Jolie.
7 of 9

How does the Syrian Electronic Army compromise targeted Twitter or Facebook accounts? According to an account published by the Onion, the attackers used spear-phishing emails that included an apparent link to a Washington Post story but that really led to a malicious website, which asked users to enter their Gmail credentials. Attackers then used that information to gain access to Twitter accounts with that email on file.

While no other media outlets have offered details of how they were compromised, security experts suspect that phishing attacks were also used against AP and Human Rights Watch, with the phishing email links redirecting to Google or Microsoft webmail sites.

In the wake of the AP breach, Twitter was reportedly testing a two-factor authentication system. Once implemented, such a system should make it more difficult for attackers to compromise accounts via spear-phishing attacks.

The Syrian Electronic Army, however, has promised to continue compromising Twitter accounts. "It will definitely make it harder on Twitter, but this was never our primary attack vector," said the Shadow. "Nevertheless, there are still some security holes in Twitter's model that we hope to exploit in the future so no one should get too comfortable, we are not going to give up."

