Vice hacked by the Syrian Electronic Army in anger over article about group’s identities

Graham Cluley

When Vice Magazine published an article in August, claiming to expose the true identity of a key member of the Syrian Electronic Army, they probably realised it was likely to raise the wrath of the notorious hacking group.

VICE article about the SEA

Sure enough, today the pro-Assad hackers appeared to get their (brief) revenge, hacking into Vice’s systems in order to erase the story from the website and publish their own message to the outlet’s staff.

Vice hacked

SYRIAN ELECTRONIC ARMY WAS HERE

YOUR WEBSITE WAS HACKED BY THE SYRIAN ELECTRONIC ARMY.
THIS TIME WE JUST DELETED THE ARTICLE THAT YOU CLAIMED IN IT THAT YOU EXPOSED “TH3PR0” IDENTITY. BUT YOU DIDN’T.
YOU PUBLISHED NAMES OF INNOCENT PEOPLE INSTEAD.
THE SECOND TIME WE WILL DELETE ALL YOUR WEBSITE.
SPECIAL HI FROM TH3PR0 :)
DONE.

Messages posted on the Syrian Electronic Army’s Twitter account suggest that they compromised Vice’s systems after gaining access to a number of websites associated with the online magazine, including that of the site’s web developer. If historic attacks by the SEA are anything to go by, usernames and passwords will have been stolen through a targeted phishing attack.

With access gained to email accounts, the hackers were able to remove the article they found so upsetting, and post their own message, via the site’s content management system.

To rub salt in the wounds, the hackers posted a screenshot of themselves accessing Vice’s internal systems.

Vice content management system, breached by the SEA

Vice has since regained control of its site, restoring the removed article and erasing the message left by the hackers.

So, what is to be learnt from this attack?

Well, it seems to me that this particular attack would have been avoided if two factor authentication had been in place, protecting access to email and the site’s content management system.

In addition, staff need to be reminded of the danger of phishing attacks – and taught to always be careful where they are entering their usernames and passwords.

Media organisations, in particular, should follow this advice – as they seem to have been a specific target of the Syrian Electronic Army this year.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

2 Replies to “Vice hacked by the Syrian Electronic Army in anger over article about group’s identities”

  1. What is to be learned from this, you ask? Funny how you don't mention that websites should take into consideration journalistic integrity before posting politically charged articles that clearly support terrorist groups
    You don't bother to consider that but I guess you are not in the business of looking for the truth! Shame!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES