Inside the Syrian Electronic Army Washington Post Attack

 
 
By Sean Michael Kerner  |  Posted 2013-08-17 Email Print this article Print
 
 
 
 
 
 
 
hacker

NEWS ANALYSIS: An online group with ties to Syrian President Bashar al-Assad attacked The Post. What happened and how can enterprises avoid being victims of similar attacks?

The attack on The Post exposes the complexity that exists on the modern Web and the diversity of security threats that it brings, Adams said. Often, it's not sufficient just to secure a primary site; companies must make sure all the trusted third-parties that place ads, widgets or other services on the site are secure, as well, he added.

Outbrain is entirely responsible for this attack, and they should address the issues with how they secure their own product to keep customers, and ultimately consumers, safe, Adams said.

"Once Outbrain was compromised, it would have taken the attackers just a few extra clicks to scale the attack far beyond a single customer of the company," Adams said.

Outbrain has now secured its network and verified the integrity of its code, Yaron Galai, the company's CEO, said in an Aug. 15 blog post.

Where Will SEA Strike Next?

Though The Washington Post and Outbrain have deflected the current attack, it is likely that the SEA will strike again.

"For the SEA's primary targets, which include mainstream media and any group perceived as supporting Western values, organizations should be particularly vigilant in monitoring for phishing attacks and SQL injection, as these are primary vectors for attack for the SEA," Lancaster said.

At-risk groups should enforce strong password policies, maintain unique passwords for each social media site and closely monitor corporate Websites for any out-of-process changes, Lancaster said. The use of two-factor authentication for social media sites is also a good best practice to further help reduce the risk of exploitation, he added.

"Attackers leveraging ad networks to distribute malware is not new, and care must be taken to ensure that the content pushed through from these third parties is not malicious," Lancaster said. "Today, global media organizations and individuals with access to those organizations' social media accounts should be considered high-risk targets and should operate with a high level of caution."

The success with which the SEA has been able to attack media sites to date is a leading indicator for Lancaster that the attacks will continue into the future.

"When a group is highly successful using techniques that are relatively easy to execute with little to no threat of retaliation from the victims, we do not expect the attacks to stop," Lancaster said. "In fact, the frequency and value of targets may increase."

Shutting down the SEA is not an easy task either, given the global nature of the Internet.  Lancaster noted that a number of SEA domains, including syrian-es.com, syrian-es.org and syrian-es.net, have been shuttered. Fifteen of the SEA's Twitter accounts have been suspended, and a sixteenth is likely to be shut down as well.

The highly visible attacks by the SEA began during the Arab Spring with increasing geo-political tensions in Syria, Lancaster said. "These tensions have not eased, and as this is a primary motivator of the group, we do not anticipate its attacks stopping until the unrest in Syria comes to an end," he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.



 
 
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel