Inside the Syrian Electronic Army's Attack on Outbrain

What's This?

By Lorenzo Franceschi-Bicchierai2013-08-16 21:41:59 UTC

The latest attack by the Syrian Electronic Army, a group of pro-Assad hackers, was first revealed on Thursday by a brief editor's note on The Washington Post's website.

The attack compromised the content delivery service Outbrain, as reported by E Hacking News . The websites of CNN and TIME, which also use Outbrain's services, were affected by the attack as well.

See also: Hackers Expose Security Holes That Allow 'Free Rides for Life'

The attack began on the evening of Aug. 14, according to a blog post by Outbrain's Vice President of Marketing Lisa LaCour, when the Syrian Electronic Army (SEA) sent a phishing email to all Outbrain employees. The email, which appeared to come from Outbrain's CEO, contained a link seemingly from a prominent news source — but instead redirected those who clicked on it to a page asking for employees' login information.

Such attacks are fairly common as of late, but even so, "at least one Outbrain employee was impacted, allowing an organization called the Syrian Electronic Army (SEA) to infiltrate our widget configuration tools," LaCour wrote.

This is how the hackers obtained control of the Outbrain widgets on CNN.com and TIME.com and were able to redirect WaPo articles to the SEA's homepage.

At 10:23 a.m. ET on Thursday, according to the timeline accompanying Outbrain's blog post, the SEA claimed responsibility for the attack. Eleven minutes later, Outbrain became aware of the attack; six minutes later, it shut down the service and blocked external access. At 11:03 a.m. ET, all Outbrain's systems were shut down.

After a series of communications with its clients and a system audit, Outbrain was restored almost nine hours later, at 7:30 p.m. ET.

Following the attack, Outbrain reset all passwords to its internal administration tools. All employees reset their email passwords and set up "double verify protection," according to LaCour.

"Outbrain’s system was compromised as a result of a simple phishing attack. Our system was not hacked, firewalls were not infiltrated and no personal or customer data was taken," she added at the end of the post.

While this was a "simple" phishing attack, the results were significant.

"These SEA attacks aren’t particularly sophisticated or novel," wrote Ken Pickering, the director of engineering at cybersecurity firm CORE, in an email to Mashable. "They seem to be using a fairly successful, but fairly well known, breaching tactic. The fact they are continually successful shows us we need to guard against these better."

Image: Marwan Naamani/AFP/Getty Images

Topics: hackers, hacking, Media, online privacy, outbrain, syrian electronic army, U.S., US & World, World