File illustration picture of a man typing on a computer keyboard in Warsaw… (KACPER PEMPEL/REUTERS )
The Washington Post’s Web site was disrupted Thursday morning by a hacker group sympathetic to Syrian President Bashar al-Assad that apparently launched a coordinated wave of attacks on American news outlets.
A group calling itself the Syrian Electronic Army briefly succeeded in redirecting readers of some articles on washingtonpost.com to the SEA’s own site. The organization supports Assad, who has led a long, bloody campaign to crush a rebellion in Syria.
The intrusion lasted about 30 minutes and affected a number of foreign-news articles. “We’ve taken defensive measures, and at this time there are no other issues affecting the site,” said Emilio Garcia-Ruiz, The Post’s managing editor for digital.
The hacking follows a “phishing” attack by an unidentified source this week aimed at securing the passwords and log-in information of e-mail accounts maintained by Post journalists. The source of the attack sent e-mails to Post mailboxes that appeared to emanate from Post colleagues; the e-mails directed recipients to click a link and provide log-in data. That information could then be used by an outside source to gain unauthorized access to a computer network.
Post officials believe that the Syrian Electronic Army was also the source of the phishing scam.
In a tweet sent Thursday morning, the SEA claimed that it hacked the Web sites of The Post, CNN and Time magazine “in one strike.” The tweet indicated that The Post’s site was hacked through Outbrain, an ad network The Post uses to automatically suggest other stories that readers might like based on user profiles.
Outbrain acknowledged a problem with its network Thursday. It said in a statement: “We are aware that Outbrain was hacked earlier today. In an effort to protect our publishers and readers, we took down service as soon as it was apparent. The breach now seems to be secured and the hackers blocked out, but we are keeping the service down for a little longer until we can be sure it’s safe to turn it back on securely. We are working hard to prevent future attacks of this nature.”
In the past, the Syrian Electronic Army has successfully cracked administrative passwords or used phishing scams to steal user names and passwords, said Chester Wisniewski, a senior adviser for Sophos, a security software vendor. Targeting Outbrain, Wisniewski said, may suggest that the group is undertaking more sophisticated attacks.
Directing an attack at a network with a wide reach, such as Outbrain, is an efficient way for hackers to target several sites at once, Wisniewski said.
“If I’m looking to hack sites, if I can get into a network like Outbrain, it’s probably easier than serially breaking into The Washington Post, CNN and other sites,” Wisniewski said. Other hackers, he said, have targeted ad networks to deliver malware, or code that impedes computers, to thousands of sites simultaneously.
Since 2011, SEA has claimed credit for infiltrating the social media networks of several prominent media and human rights organizations including the Associated Press, NPR, Al Jazeera and Human Rights Watch. This week, the group claimed it had successfully infiltrated SocialFlow, a company that helps users send automatic updates to their social networking accounts.
In April, the group took credit for breaking into AP’s Twitter account to send a false report that a bomb had gone off in the White House. The message sent the stock market into a panic, causing the Dow Jones industrial average to lose more than 100 points within two minutes.
Little is known about individual members of the SEA, which is politically aligned with Assad’s regime but has never been directly linked to the Syrian government. The group typically targets media sites and social networks to spread its political message, said Scott Hazdra, principal security consultant for the Neohapsis security firm.
“Their reported goal is to bring attention to events that are happening in Syria,” he said. “To that end, I think they’ve been largely successful.”
Hazdra said that the group is likely small, consisting of mainly college-age people, and doesn’t appear to have a single geographic base. No one has ever been arrested in connection with being a member of the group, he said.
Last year, The Post and the New York Times reported that hackers — likely based in China — had targeted and infiltrated their internal computer systems to gather information on the companies and the activities of reporters. In that attack on The Post, sensitive administration passwords were compromised, giving the hackers access to a wide range of company systems.
At the time, the Chinese Defense Ministry denied that the Chinese military had any involvement in the attacks.
The attacks last year were different than the kind launched Thursday by the Syrian Electronic Army. Unlike the latest attack, the perpetrators of the earlier intrusion attempted not to draw attention to themselves.
The SEA, conversely, goes for flashy vandalization rather than the quiet data collection that The Post and the Times faced last year. In Thursday’s hack, readers were redirected to the group’s home page, which is in Arabic.
Brian Fung contributed to this report.