News of the attack broke after The New York Times website went offline and head of the Threat Research Center at WhiteHat Security, Matt Johansen, posted on Twitter that users were being redirected to an SEA site.
The New York Times reported that employees have also received an email from the newspaper's chief information officer Marc Frons, advising them to "be careful when sending email communications until this situation is resolved".
Frons explained that the hackers targeted the registrar used by the NYT, called Melbourne IT, which caused the site to drop offline. He called the incident a "malicious external attack" and said it showed the attackers had some serious capabilities.
“In terms of the sophistication of the attack, this is a big deal,” he said. “It’s sort of like breaking into the local savings and loan versus breaking into Fort Knox. A domain registrar should have extremely tight security because they are holding the security to hundreds if not thousands of websites.”
Indeed, Jaime Blasco, director at AlienVault Labs, said research showed the new attack had features indicating a secondary purpose: stealing passwords from unwary web users trying to access the news site.
"Hackers who successfully break into Melbourne IT's systems could potentially redirect and intercept emails sent to addresses under certain domains. Users of sites that don't begin with 'https' could have been fooled into entering passwords that could have been captured," he wrote.
The New York Times was one of many sites hit by the SEA. AlienVault has since published a full list of all the sites targeted during the SEA's latest raid, with other key victims including Twitter and Huffington Post.
The attacks are the latest in a wider campaign against the Western media by the SEA. The group first appeared in May 2011, targeting any website or media outlet publishing material criticising Syrian president Bashar al-Assad.
Barry Shteiman, senior security strategist at Imperva, said the group's high success rate in targeting media outlets is poignant proof that most companies are still running outdated security services.
"At some point, CIOs need to realise that critical pieces of their online entities are controlled by vendors, and that security policies should apply to them as well. Companies should create contingency plans, and check the security measurements taken by their third-party content and infrastructure providers. A DNS is, unfortunately, a great example," he said.
He added that the high success rate of the attacks means groups like the SEA will continue to operate and become more tenacious. "It makes lots of sense for a hacktivist group – that wishes to display their message and show that they exist – to go after high-end media," he said.
"The SEA has been actively hacking Twitter accounts of news sites and has recently escalated to hacking into the websites themselves to create awareness. This is, in essence, what hacktivism is. There is no profit involved; however, making all of us aware of the Syrian rebellion is their goal. The Syrian Electronic Army is very successful in creating the awareness that they are after."
The SEA is one of many hacktivist groups currently operating. Prior to the recent campaign, security firm Mandiant reported linking a Chinese hacktivist military cell to attacks on The New York Times. The attacks were reportedly "payback" for a series of articles the paper published about Chinese prime minister Wen Jiabao.