Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Inside the Syrian Electronic Army Washington Post Attack

    By
    Sean Michael Kerner
    -
    August 17, 2013
    Share
    Facebook
    Twitter
    Linkedin
      hacker

      The Washington Post reported Thursday, Aug. 15 that it had been the victim of an attack by a group known as the Syrian Electronic Army (SEA). The intrusion involved both a phishing attack against a staff writer’s Twitter account as well as some Washington Post page redirections by way of an exploit of the Outbrain advertising and content discovery platform.

      So what exactly is the SEA, and perhaps more importantly, what can and should publishers and enterprises do to protect themselves from being victims?

      The SEA, which is aligned with Syrian President Bashar al-Assad, has a long history using various attack methods, said Jason Lancaster, senior intelligence analyst at Hewlett-Packard’s Security Research division.

      “The group’s motivation, spreading pro-Assad messages, has not changed, but we have seen the volume of activity escalating over the past few months as well as the evolution of its tactics,” Lancaster, who has been tracking the SEA’s activities for years, told eWEEK.

      In Lancaster’s view, attacking Websites through third parties, as they have done in this attack with Outbrain, is part of this escalation of events.

      “This is not a typical tactic used by the SEA but is something we have known the group is capable of for a while,” Lancaster said.

      The third-party attack—in which a widget from Outbrain, which was resident on The Washington Post Website, led to an unintended page redirection—is eerily reminiscent of an attack that WhiteHat security researchers described at the Black Hat conference at the end of July. In the WhiteHat research, JavaScript was inserted into ads and used to build a botnet. In The Post attack, an ad network (Outbrain) was also the conduit for attacking a site.

      “This is an example of the power of the ad network when it comes to malware distribution,” Matt Johansen, manager for the Threat Research Center at WhiteHat Security, told eWEEK. “Instead of buying an ad and then later tainting it, the attackers here went after the ad network portal itself via social engineering emails.”

      In the SEA case, once the attackers were in the ad network’s admin panel, they had one of the world’s most efficient and powerful distribution tools at their fingertips and they used it, Johansen said.

      “Although we don’t have firsthand knowledge of the malware, it doesn’t seem to be using JavaScript like the botnet from our recent research,” Johansen said. “It would appear to be a more traditional drive-by malware download via the malicious ad loading in the browser.”

      What The Washington Post Did Right

      While the fact that The Washington Post was hacked is not a good thing, some positive lessons can be learned from the event.

      The Washington Post had a strong security response plan and ultimately did a good job managing the issue, Kyle Adams, chief software architect for Junos WebApp Secure at Juniper Networks, told eWEEK.

      “They reacted very quickly to mitigate the problem by identifying the issue, quickly mitigating future damage by blocking the threat and then were transparent about the incident,” Adams said. “So, from my perspective, they did everything exactly as they should have.”

      Inside the Syrian Electronic Army Washington Post Attack

      The attack on The Post exposes the complexity that exists on the modern Web and the diversity of security threats that it brings, Adams said. Often, it’s not sufficient just to secure a primary site; companies must make sure all the trusted third-parties that place ads, widgets or other services on the site are secure, as well, he added.

      Outbrain is entirely responsible for this attack, and they should address the issues with how they secure their own product to keep customers, and ultimately consumers, safe, Adams said.

      “Once Outbrain was compromised, it would have taken the attackers just a few extra clicks to scale the attack far beyond a single customer of the company,” Adams said.

      Outbrain has now secured its network and verified the integrity of its code, Yaron Galai, the company’s CEO, said in an Aug. 15 blog post.

      Where Will SEA Strike Next?

      Though The Washington Post and Outbrain have deflected the current attack, it is likely that the SEA will strike again.

      “For the SEA’s primary targets, which include mainstream media and any group perceived as supporting Western values, organizations should be particularly vigilant in monitoring for phishing attacks and SQL injection, as these are primary vectors for attack for the SEA,” Lancaster said.

      At-risk groups should enforce strong password policies, maintain unique passwords for each social media site and closely monitor corporate Websites for any out-of-process changes, Lancaster said. The use of two-factor authentication for social media sites is also a good best practice to further help reduce the risk of exploitation, he added.

      “Attackers leveraging ad networks to distribute malware is not new, and care must be taken to ensure that the content pushed through from these third parties is not malicious,” Lancaster said. “Today, global media organizations and individuals with access to those organizations’ social media accounts should be considered high-risk targets and should operate with a high level of caution.”

      The success with which the SEA has been able to attack media sites to date is a leading indicator for Lancaster that the attacks will continue into the future.

      “When a group is highly successful using techniques that are relatively easy to execute with little to no threat of retaliation from the victims, we do not expect the attacks to stop,” Lancaster said. “In fact, the frequency and value of targets may increase.”

      Shutting down the SEA is not an easy task either, given the global nature of the Internet. Lancaster noted that a number of SEA domains, including syrian-es.com, syrian-es.org and syrian-es.net, have been shuttered. Fifteen of the SEA’s Twitter accounts have been suspended, and a sixteenth is likely to be shut down as well.

      The highly visible attacks by the SEA began during the Arab Spring with increasing geo-political tensions in Syria, Lancaster said. “These tensions have not eased, and as this is a primary motivator of the group, we do not anticipate its attacks stopping until the unrest in Syria comes to an end,” he said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×