Multiple Media Outlets Victimized By Thanksgiving Day Attack

Chuck Bednar for redOrbit.com – Your Universe Online
The websites of several news organizations were targeted by a Thanksgiving Day attack involving pop-up ads promoting a group of hackers known as the Syrian Electronic Army (SEA), various media outlets are reporting.
According to PCWorld and CNET, affected websites included those belonging to the Boston Globe, the Canadian Broadcasting Corporation (CBC), CNBC, the Chicago Tribune, UK newspapers The Independent and The Telegraph, and PCWorld itself.
In addition, CNBC’s Katrina Bishop said that companies such as Dell, Ferrari and Microsoft, as well as the website of the United Nations Children’s Fund (UNICEF) and the online versions of Forbes and Italy’s La Repubblica were also affected. Bishop also confirmed that some CNBC users had reported seeing the message.
The SEA took credit for the attack via Twitter, which Andrew Griffin of The Independent said was pulled off by attacking the domain name system (DNS) entries of the popular Gigya comment platform through domain registrar GoDaddy.
Griffin said the attackers were able to alter the DNS technology, which changes the “.com” website addresses into directions to the actual website, and direct it to websites other than the intended destination. By doing so, they were able to redirect the traffic to SEA-related images or messages hosted on other websites. Gigya and GoDaddy worked together to remove the redirection, he said, though the fix may not immediately appear for all users.
Griffin said that the commenting system itself was not hacked, and CEO Patrick Salyer added that “neither Gigya’s platform itself nor any user, administrator or operational data has been compromised and was never at risk of being compromised. Rather, the attack only served other JavaScript files instead of those served by Gigya.”
CNET’s Stephen Shankland said the attack was a variation on methods previously used by SEA hackers, and security experts told Bishop the attack was likely launched on Thursday because it was Thanksgiving in the US. Since it was a holiday, they explained, many Americans would be at home and browsing news websites on their computers and/or mobile devices.
“It is PR move to show they have the skills, but what they are doing is not dramatically sophisticated,” Ernest Hilbert, managing director of cybercrime at investigations firm Kroll, and former FBI agent, told CNBC. “This is a defacement of a website and they redirected traffic from the real site to a site with their stuff on it instead.”
The SEA has previously targeted the websites of the New York Times, the BBC and Microsoft, as well as the Twitter accounts of other media organizations, the Chicago Tribune reported. Likewise, Shankland noted that the group has also gone after news organization Reuters and satirical website The Onion in the past, and Bishop noted that the collective appears to support Syrian President Bashar al-Assad.
“Unlike many state-sanctioned hack attacks, the SEA tends to focus on extremely public targets, and uses its successes to promote its cause and gain publicity,” said Alex Hern of The Guardian. “It is also notable for attacking its targets using a mixture of social engineering and ‘spear phishing,’ rather than exploiting computer vulnerabilities.”
—–
Follow redOrbit on Twitter, Facebook, Instagram and Pinterest.