Security

Hackers who attacked Washington Post got Outbrain, too

A group of pro-Syrian regime hackers attacked the Washington Post this morning, redirecting posts to the group’s website.

“We are aware that Outbrain was hacked earlier today. In an effort to protect our publishers and readers, we took down service as soon as it was apparent.  The breach now seems to be secured and the hackers blocked out, but we are keeping the service down for a little longer until we can be sure it’s safe to turn it back on securely. We are working hard to prevent future attacks of this nature,” an Outbrain spokesperson told VentureBeat in an email.

The Washington Post says the hackers compromised their systems through a vulnerability in partner Outbrain. Outbrain creates a widget that promotes your own content to the people already on your website. The company’s website is currently down.

“For 30 minutes this morning, some articles on our website were redirected to the Syrian Electronic Army’s site. The Syrian Electronic Army, in a Tweet, claimed they gained access to elements of our site by hacking one of our business partners, Outbrain. We have taken defensive measures and removed the offending module. At this time, we believe there are no other issues affecting The Post site,” said Washington Post managing editor Emilio Garcia-Ruiz in a statement.

The group claimed on its Twitter account that it also compromised CNN and Time through the Outbrain vulnerability.

The Syrian Electronic Army is known for hacking publications that write about the conflict in Syria. The group often goes after those publications’ Twitter accounts, but also hacks into the websites themselves. Sometimes it will then deface articles and, in cases like today’s, redirect traffic to its own propaganda site.

Recently, hackers from the SEA hacked into the Associated Press’ Twitter account, tweeting out false information about an attack on the White House. This caused the Dow Jones to suddenly drop one percent within a minute of the tweet.  These hackers have also hacked CBS, NPR, Reuters, and Al Jazeera for their coverage of Syria.

Reblog this post [with Zemanta]