Pro-Assad hacktivist group the Syrian Electronic Army yesterday managed to deface several popular news and other websites including Time Out, The Independent and The Telegraph and redirect visitors.
Some visitors to the affected sites, which also include Forbes, CNBC and NBC, were greeted with a pop-up message declaring: “You’ve been hacked by the Syrian Electronic Army (SEA).”
Others were taken to a page displaying a logo of the SEA, according to a report in The Independent.
It claimed that the hacktivist group had attacked the DNS entry for comment platform Gigya at registrar GoDaddy. Gigya is the common link, apparently used by all the compromised sites.
By changing the DNS instructions, they were able to redirect users and display the “you’ve been hacked” message.
Gigya CEO, Patrick Salyer, was quick to point out that no data was compromised in the attack.
"Neither Gigya’s platform itself nor any user, administrator or operational data has been compromised and was never at risk of being compromised," he told the newspaper. "Rather, the attack only served other JavaScript files instead of those served by Gigya."
The firm has apparently worked with GoDaddy to resolve the issue for users.
Mandiant principal threat intel analyst, Jen Weedon, claimed the incident is in-keeping with the SEA’s previous activity.
“The group’s primary MO is to make a statement about their political affiliation (pro-Syrian regime), or brag that they’ve gained access to or ‘hacked’ victims,” she explained. “The SEA regularly targets Western news organizations.”
Still, the attack was pretty tame compared to some SEA activity this year.
Read more: http://www.infosecurity-magazine.com/news/syrian-hacktivists-compromise-news/
Some visitors to the affected sites, which also include Forbes, CNBC and NBC, were greeted with a pop-up message declaring: “You’ve been hacked by the Syrian Electronic Army (SEA).”
Others were taken to a page displaying a logo of the SEA, according to a report in The Independent.
It claimed that the hacktivist group had attacked the DNS entry for comment platform Gigya at registrar GoDaddy. Gigya is the common link, apparently used by all the compromised sites.
By changing the DNS instructions, they were able to redirect users and display the “you’ve been hacked” message.
Gigya CEO, Patrick Salyer, was quick to point out that no data was compromised in the attack.
"Neither Gigya’s platform itself nor any user, administrator or operational data has been compromised and was never at risk of being compromised," he told the newspaper. "Rather, the attack only served other JavaScript files instead of those served by Gigya."
The firm has apparently worked with GoDaddy to resolve the issue for users.
Mandiant principal threat intel analyst, Jen Weedon, claimed the incident is in-keeping with the SEA’s previous activity.
“The group’s primary MO is to make a statement about their political affiliation (pro-Syrian regime), or brag that they’ve gained access to or ‘hacked’ victims,” she explained. “The SEA regularly targets Western news organizations.”
Still, the attack was pretty tame compared to some SEA activity this year.
Read more: http://www.infosecurity-magazine.com/news/syrian-hacktivists-compromise-news/
