Vice hacked by the Syrian Electronic Army in anger over article about group's identities

When Vice Magazine published an article in August, claiming to expose the true identity of a key member of the Syrian Electronic Army, they probably realised it was likely to raise the wrath of the notorious hacking group.

VICE article about the SEA

Sure enough, today the pro-Assad hackers appeared to get their (brief) revenge, hacking into Vice's systems in order to erase the story from the website and publish their own message to the outlet's staff.

Vice hacked

SYRIAN ELECTRONIC ARMY WAS HERE

YOUR WEBSITE WAS HACKED BY THE SYRIAN ELECTRONIC ARMY.
THIS TIME WE JUST DELETED THE ARTICLE THAT YOU CLAIMED IN IT THAT YOU EXPOSED "TH3PR0" IDENTITY. BUT YOU DIDN'T.
YOU PUBLISHED NAMES OF INNOCENT PEOPLE INSTEAD.
THE SECOND TIME WE WILL DELETE ALL YOUR WEBSITE.
SPECIAL HI FROM TH3PR0 :)
DONE.

Messages posted on the Syrian Electronic Army's Twitter account suggest that they compromised Vice's systems after gaining access to a number of websites associated with the online magazine, including that of the site's web developer. If historic attacks by the SEA are anything to go by, usernames and passwords will have been stolen through a targeted phishing attack.

With access gained to email accounts, the hackers were able to remove the article they found so upsetting, and post their own message, via the site's content management system.

To rub salt in the wounds, the hackers posted a screenshot of themselves accessing Vice's internal systems.

Vice content management system, breached by the SEA

Vice has since regained control of its site, restoring the removed article and erasing the message left by the hackers.

So, what is to be learnt from this attack?

Well, it seems to me that this particular attack would have been avoided if two factor authentication had been in place, protecting access to email and the site's content management system.

In addition, staff need to be reminded of the danger of phishing attacks - and taught to always be careful where they are entering their usernames and passwords.

Media organisations, in particular, should follow this advice - as they seem to have been a specific target of the Syrian Electronic Army this year.

Tags: , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , ,

2 Responses

  1. Truth Seeker

    November 9, 2013 at 2:00 pm #

    What is to be learned from this, you ask? Funny how you don't mention that websites should take into consideration journalistic integrity before posting politically charged articles that clearly support terrorist groups
    You don't bother to consider that but I guess you are not in the business of looking for the truth! Shame!

    • AntiR4bia in reply to Truth Seeker.

      November 11, 2013 at 10:18 am #

      Thank you Truth Seeker. Finally someone who knows what this
      war’s all about! Long live Syria Al-Assad.

Leave a Reply