The Syrian Electronic Army said it seized control of several F.T. Twitter accounts and amended a number of the site’s blog posts with the headline “Hacked by Syrian Electronic Army.” Hackers used their access to the F.T.’s Twitter feed to post messages, including one that said, “Syrian Electronic Army Was Here,” and another that linked to a YouTube video of an execution. Both messages were quickly removed.
A Financial Times spokesman, Ryann Gastwirth, confirmed by e-mail that several of its Twitter accounts and one FT blog were compromised by hackers Friday morning and that it had secured the accounts.
Hacking has been an increasingly pernicious problem over the last year. The New York Times said its Web site “was subjected to denial of service attacks,” earlier this week, “which made it temporarily unavailable to a small number of users.”
In a so-called distributed denial-of-service attack, hackers try to overhelm a site’s servers with traffic, an assault that can disrupt or block service altogether. The New York Times did not say where the attacks had originated.
The attack against the F.T. follows dozens of other Syrian Electronic Army attacks on the social media accounts of news outlets including The Guardian, the BBC, NPR, Reuters and The Associated Press. In The A.P. attack, the group used its access to the agency’s Twitter feed to plant a false story about explosions at the White House that sent the stock market into temporary free fall.
Researchers who have been conducting digital forensics on these attacks say they are done through so-called spearphishing, in which attackers send e-mails that contain a link to a fake news article to employees at their target organization.
Once clicked, the link redirects employees to a fake Google or Microsoft mail site that asks the employee for their user name and password. The hackers then use that information to get inside employees’ inboxes, where they can send more e-mails to employees who have access to the organization’s social media accounts, then use that access to reset the organization’s password to their Twitter account.
In the attack on The A.P., a hacker who identifies himself as “Th3 Pr0” and a member of the Syrian Electronic Army said in an e-mail that the group convinced 50 A.P. employees to hand over their login credentials, including several of the organization’s social media editors. The hacker sent screenshots taken during the attack to prove the Syrian group was behind it, an assertion researchers confirm.
Security researchers who have been tracking the group since its inception in early 2011 have traced several of the attacks to a Web server in Russia that they believe redirects attack traffic from within Syria. Last weekend, one researcher traced an attack back to an Internet address in Syria that is registered to Syriatel, the Syrian telecommunications company owned by Rami Makhlouf, a first cousin of the Syrian president, Bashar al-Assad.
Activists point to that connection as proof that the Syrian Electronic Army is backed by the Assad regime, an assertion that members deny.
In an e-mail, Th3 Pr0 said the Syrian Electronic Army has two seemingly contradictory missions. The first is to “attack the media and spread truth on it” and the second is to “make damage to a specific country or to the terrorist groups in Syria by using the famous media’s social media accounts or Web sites to publish false news.”
Meanwhile, the Syrian Electronic Army itself became a hacking target this week. Anonymous, the loose hacking collective, took the group’s Web site offline in a type of digital attack called a distributed denial of service, or DDoS, in which they flood the site with traffic until it collapses under the load.
Article source: http://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?partner=rss&emc=rss