The hacktivist group Syrian Electronic Army (SEA) briefly took over the Twitter account of the satirical news publication The Onion, posting a series of anti-Israeli joke stories and an anti-Obama meme image.
In a post on The Onion tech team's GitHub blog, the fake news site explains that the Syrian Electronic Army didn't wrest control of its Twitter account using some advanced hacker scheme.
The attackers got into the publication through at least three phishing methods, in which a fake e-mail redirected people to a fake website that then asked for Google Apps credentials.
Previously, the Syrian Electronic Army (SEA) shanghaied its way into the official Twitter feeds of AP and the Guardian, using the former to post a tweet falsely claiming that there had been an explosion at the White House.
Exposing details about an attack is not the normal approach companies take after they are hacked. The New York Times revealed earlier this year how Chinese hackers breached its systems, but that was an anomaly. Most companies fear what such disclosures will do to their reputations, or their stock price.
The attack began with emails sent to Onion employees containing a link that, at a quick glance, appeared to be a Washington Post link to content about The Onion. When clicked, however, the link took the recipient to the URL “hackwordpresssite.com/theonion.php,” which then redirected to a page requesting Google Apps login information, after which it took the victim full circle back to Gmail.
Only a few employees received the emails, and at least one was fooled by them, resulting in the second phase of the attack. Using the employee’s compromised email account, the SEA sent messages to other Onion employees early in the morning containing another link that again requested Google login information.
Of those targeted, one of the individuals who fell for it had the login information for The Onion’s social media accounts, including Twitter. The Onion became aware of this breach quickly and sent out alerts to everyone to change their email passwords.
What lessons can be learned from the successful Syrian Electronic Army phishing attack against The Onion? “Don't let this happen to you,” The Onion warned in big, bold print. The Onion advises other media companies to avoid such attacks by taking steps such as educating employees about phishing, isolating social media account logins, feeding tweets through a third-party application, and having a way to reach all employees outside of their corporate email accounts.