Content recommendation serivce Outbrain was hacked by pro-Syria hacktivist group the Syrian Electronic Army yesterday, affecting visitors to the websites of The Washington Post, CNN and Time.
Outbrain provides paid-for links at the bottom of online content, usually under the banner “Stories from around the web”.
The SEA compromised the service so that for a period of half an hour yesterday, visitors to The Washington Post, CNN and Time’s website that clicked on one of its links were taken to the group’s own site.
Soon after the attack began, Outbrain revealed that it had fallen victim of a targetted phishing attack, the usual modus operandi of the SEA.
“On the evening of August 14th, a phishing email was sent to all employees at Outbrain purporting to be from Outbrain’s CEO.
“It led to a page asking Outbrain employees to input their credentials to see the information,” the comany explained. “Once an employee had revealed their information, the hackers were able to infiltrate our email systems and identify other credentials for accessing some of our internal systems.”
The company temporarily disabled the service once it learnt of the breach. It is now back online.
A staff writer at The Washington Post also had their personal Twitter account compromised, and a pro-SEA message was Tweeted.
The SEA first emerged in April 2011, in the early days of the ongoing uprising against the Syrian government. It targets organisations that it claims distribute “fabricated news” about the Syrian civil war.
In April this year, the SEA successfully compromised the Associated Press’s Twitter account and posted a fake Tweet about an explosion in the White House. That Tweet triggered a temporary stock market crash.
Other targets have included Al Jazeera, the BBC, The Guardian and even satirical news site The Onion. In May, The Onion’s technology team revealed how the SEA had accessed its official Twitter account by sending phishing emails to employees.
In a report on the attack, The Washington Post said the SEA was indiscriminate in its attacks.
“The group targets both dissidents within Syria and “sympathizers” outside of the country,” the report claimed. “But that “sympathizer” label appears to be applied to anyone who talks about the Syrian conflict in almost any context without expressly endorsing the Assad regime.”