Manipulating Outbrain Service Allows Group To Hack Sites Of Washington Post, CNN, Time

SEA taking credit on Twitter.

SEA taking credit on Twitter.

It’s been a few months since we last heard from the Syrian Electronic Army, but the hackers appear to be back in full effect with a short takeover of the sites of the Washington Post, CNN and Time earlier today. You might remember those guys as the group behind hacks of The Onion and the Associated Press this past spring.

The SEA reportedly managed to squirrel its way into the Outbrain service, a web recommendation tool employed by the above sites — and others — to proffer up “You might like to look at this other content” links, notes the AtlanticWire.com.

Once it had allegedly hacked Outbrain, the group likely tinkered with code used by the service to embed widgets on clients’ web pages. From there, it was subsequently able to redirect users heading to the news sites over to a web page controlled by the group. Don’t think it didn’t crow about its success and claim it had used Outbrain, short-lived though the hack may have been:

A spokesperson for Outbrain tells Consumerist:

“We are aware that Outbrain was hacked earlier today. In an effort to protect our publishers and readers, we took down service as soon as it was apparent. The breach now seems to be secured and the hackers blocked out, but we are keeping the service down for a little longer until we can be sure it’s safe to turn it back on securely. We are working hard to prevent future attacks of this nature.”

The Washington Post issued a brief statement after the site returned to normal:

“A few days ago, The Syrian Electronic Army, allegedly, subjected Post newsroom employees to a sophisticated phishing attack to gain password information. The attack resulted in one staff writer’s personal Twitter account being used to send out a Syrian Electronic Army message. For 30 minutes this morning, some articles on our web site were redirected to the Syrian Electronic Army’s site. The Syrian Electronic Army, in a Tweet, claimed they gained access to elements of our site by hacking one of our business partners, Outbrain. We have taken defensive measures and removed the offending module. At this time, we believe there are no other issues affecting The Post site.”

Syrian Hackers Use Outbrain to Target The Washington Post, Time, and CNN [The Atlantic Wire]