Security Watch

Keeping track of patches and hacks in the IT security world.

Syrian Electronic Army Took Aim at U.S. Army Website

Digital hacking group Syrian Electronic Army once again gained temporary control of a Website—this time the U.S. Army's site. Why did this happen?

The Syrian Electronic Army (SEA), a digital hacking group loosely aligned with the government of Syrian President Bashar al-Assad, is claiming responsibility for an attack against the Website operated by the U.S. Army.

The attack occurred on June 8 and was a defacement of the site that triggered multiple pop-up messages, including one that stated, "Your commanders admit they are training the people they have sent you to die fighting." The Army site was offline and unavailable briefly on June 8 and has since been fully restored.

As of June 10, the Army site is fully operational, and there is no mention whatsoever on the public site that the incident ever took place. Although it's unclear at this time precisely how the attack occurred, there are a number of common attack vectors that the SEA and other attacker groups use to get control of a given domain. One common tactic is some form of Domain Name System (DNS) redirection, in which attackers gain access to a domain registrar and then change the DNS settings so the site will point to a different IP address. That's what happened in the Lenovo site defacement earlier this year by the hacker group Lizard Squad.

DNS redirection, however, does not appear to be the root cause of the attack on the Army site, as far as publicly available records show. A Netcraft search shows that the domain has been at the same IP address since at least August 2014. The SEA itself claimed in a tweet that it somehow got control of the Army site via the Limelight Content Delivery Network (CDN). That claim has not been confirmed by any third-party source, including Limelight, at this time.

The SEA has been active in recent years, going after multiple organizations, including Microsoft's Skype service in 2014 and media outlets such as The Washington Post and The New York Times in 2013. In The New York Times incident, DNS records were the attack vector the SEA used, while the Skype attack allegedly was executed via phished credentials.

The simple truth is that there are a lot of different ways the SEA, or any attacker for that matter, could potentially get access to any Website.

The U.S. government is now mandating the use of HTTPS-Only across all federal Websites, which is helpful, but there are other elements of Websites that need to be secured. Administrative passwords for content management systems and servers need to be monitored and guarded closely. Third-party resources, including DNS records, need to be protected as well. The watchword for Website security is, and will always be, "continuous vigilance."

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.