The Guardian becomes hacker army's latest media victim

Guardian Twitter feeds have become the latest social media hack victims of the Syrian Electronic Army
Guardian Twitter feeds have become the latest social media hack victims of the Syrian Electronic Army

"Follow the Syrian Electronic Army... Follow the truth! @Official_SEA12 #SEA #Syria” was one not-so-subtle clue as to the attackers’ identities, posted via the paper’s @GuardianSustBiz and @BusinessDesk accounts yesterday.

“The hackers have been making a habit of breaking into high profile Twitter accounts in recent weeks - their attack on AP's Twitter account where they posted fake news of an explosion at the White House, actually managed to cause a drop in the Dow Jones,” noted Sophos Security’s Graham Cluley. The SEA also has recently hit BBC, NPR, CBS, Al-Jazeera and FIFA.

As many as 11 accounts belonging to The Guardian were hijacked – and “although some have been recovered, others appear to either still be harboring the unauthorized tweets or to have been suspended by Twitter security,” Cluley said.

The SEA is likely becoming successful in its account overtaking thanks to phishing emails, Cluley pointed out.

“For instance, if the attackers were to send a convincing looking email to a news agency, claiming to be a link to a breaking news story, recipients might be fooled into clicking on it and being tricked into entering their Twitter account details,” he said.

Most media organizations allow, if not demand, that a wide range of staff update their official Twitter accounts, so it only requires one worker to be fooled by an attack for the account password to fall into the wrong hands.

James Ball, a journalist at The Guardian, said that he ran across what seemed to be smart social engineering mails. Over the weekend he first noticed things awry: “Hm. Phishing attack specifically targeted at Guardian journalists in my inbox right now. SEA at work again?” he tweeted. He added a couple of days later, “The guys doing the Guardian phishing attack I mentioned yesterday (it's SEA) are really very good: sustained, changing, mails today.”

Cluley had common sense advice: “Make sure that the staff in your company are on the lookout for suspicious emails, and are clued-up about safe password usage to reduce the chances of being phished.”

What’s hot on Infosecurity Magazine?