Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Syrian Electronic Army Goes After ShareThis

    By
    Sean Michael Kerner
    -
    August 23, 2013
    Share
    Facebook
    Twitter
    Linkedin
      security breach

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      The Syrian Electronic Army (SEA) is continuing its campaign of attacking online media sites by way of third-party widgets with an alleged attack this week against ShareThis.com. The SEA is a group with ties to Syrian President Bashar al-Assad and last week was implicated in an attack that redirected traffic from The Washington Post.

      Jaeson Schultz, threat research engineer for Cisco’s Threat Research and Communications (TRAC) Team, first disclosed the incident Aug. 22, based on an analysis of Domain Name System (DNS) records for ShareThis.com.

      ShareThis.com, which did not respond to a request for comment from eWEEK by press time, is a widely used third-party tool that appears on many Websites, enabling users to easily share a given page with social networking tools.

      After the data was published on the Cisco Security Blog, more information was released by the Syrian Electronic Army themselves, Schultz told eWEEK.

      “This included some screen shots of email conversations in which the administrators of ShareThis.com admit their GoDaddy domain account was compromised,” Schultz said.

      On Aug. 21, ShareThis.com tweeted that it was experiencing some technical difficulties. At 10:21 a.m. on Aug. 22, ShareThis tweeted that it was back up. Schultz’s analysis shows that ShareThis.com’s DNS nameserver records were changed with its host GoDaddy.com

      From GoDaddy’s perspective however, there was no breach. “While we can’t get into specifics on a particular customer account [out of respect for their privacy], I can tell you our systems performed exactly as designed,” GoDaddy spokesperson Nick Fuller told eWEEK. “There was no security breach.”

      So how did the SEA allegedly change the ShareThis.com DNS?

      Schultz suspects that this attack most likely occurred as many of the SEA’s previous attacks: a successful spear-phishing attack followed by culling valuable data from the compromised inbox. As was the case with The Washington Post issue last week, where a third-party widget from Outbrain redirected users to an SEA site, the same type of redirection was likely occurring with the alleged ShareThis.com incident as well.

      “While the possibility exists that something more malicious occurred, we have seen no evidence of anything but simple redirection,” Schultz said. “The motivation of the SEA seems to be site defacement rather than end-user compromise.”

      Current Status

      ShareThis regained control over their GoDaddy account sometime in the morning of Aug. 22, and returned the nameservers for their domain to their proper settings, Schultz said.

      “There is no indication that the SEA has access to the ShareThis GoDaddy account any longer,” Schultz said. “However, since the SEA had access to an email account at ShareThis.com, then it’s possible there are other credentials they found, or even other information they can use in future spear-phishing attacks on ShareThis’ business partners.”

      Risk Mitigation

      Site owners can tap steps to mitigate the risk of being a victim of a similar kind of attack. First off, Schultz recommends that site owners make sure they aren’t storing sensitive information, such as domain account credentials or other passwords inside email inboxes.

      Secondly, he suggests that for any sensitive external accounts (social media, domain registration) site owners should take full advantage of all available security features such as account password reset questions and two-factor authentication.

      Schultz also recommends that site owners monitor their Websites for unexpected changes, and monitor their Web statistics for unexpected drops in traffic. Educating employees to not always click on links in email is also a good idea.

      “Extra alarm bells ought to go off in your head if a link you click takes you to a page where you are prompted to enter a user name and password,” Schultz said. “The only time you should type in your user name and password is when you have entered the URL into the location bar yourself.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×