Cyber Security Institute

Sunday, May 12, 2013

The Onion reveals how Syrian Electronic Army hacked its Twitter
Read more: http://www.itproportal.

The Onion staff put their laughing-making on hold last week when the Syrian Electronic Army hacked its Twitter account — the latest in a growing list of publications invaded by the group. “In summary, they phished Onion employees’ Google Apps accounts via 3 separate methods,” the site’s tech team explained in a blog post.

The slow, calculated attack began early this month, when the Syrian Electronic Army (SEA) sent emails to some of the site’s employees. The messages (example below) implored The Onion’s reporters to “Please read the following article for its importance,” with a link to what appeared to be a Washington Post story. [Interesting: the attackers modified their socially engineered email attack to be a password reset email after the Onion IT department told everyone to change their passwords.]

At least one employee entered their credentials, allowing the attackers entrance to their account, from which the SEA sent the same email to more Onion staff. The last attack compromised at least two more accounts, one of which was used to control the Twitter account.

One in particular — Syrian Electronic Army Has A Little Fun Before Inevitable Upcoming Deaths At Hands Of Rebels — angered the attacker, who began posting editorial email addresses on the SEA account.

At the end of the day, at least five Onion accounts were compromised; the company forced a password reset on every staff member’s Google Apps account.


Posted on 05/12