Syrian Electronic Army Attacks Reuters
This post is also available in: 
עברית (Hebrew)
One big security issue that has arisen lately concerns control of news media. National boundaries have become blurred on the Internet, and the control any nation can have over information dissemination has been eroded — on news Web sites but especially on open platforms such as Twitter and Facebook.
Witness the activities of the Syrian Electronic Army (SEA), a pro-Assad group of “hacktivists,” which despite limited resources managed to compromise one of the leading news agencies in the world. It wasn’t even the first time – it has already attacked the agency several times before, not to mention its other attacks on the Financial Times,Washington Post, New York Times, and Associated Press.
Where last year, for example, the SEA attack involved tweeting links to pro-Assad propaganda from the Reuters Twitter account, this time it targeted Reuters content directly. But instead of targeting the agency’s site, the hack attacked the news content that it hosts on the sites of a large number of media outlets.
This is not the first time the SEA had attacked in a way that compromised the trusted partners of the major media outlets. It did something similar to the New York Times last August.
iHLS – Israel Homeland Security
According to HomeLand Security News Wire In this most recent case, the SEA appears to have redirected viewers to the bogus pages by compromising advertising hosted by a Reuters partner site called Taboola. This could have serious consequences for Taboola’s other clients, who include Yahoo!, BBC Worldwide and Fox News; and will generally be great worry to many sites.
Another possibility for what lay behind the latest Reuters attack was one of the most common methods of compromise – a spear phishing e-mail, similar to the one that the SEA used to attack satirical site The Onion last year.
This involved a person in the company clicking on what seemed to be a link to a lead story from the Washington Post but turned out to be malicious. It re-directed the user to another site and then asked for Google Apps credentials. Once these had been keyed in, the SEA gained access to The Onion’s Web infrastructure and managed to post a story.
