Remember how we all thought it was weird that the rebel organization Syrian Electronic Army targeted satirical news outlet The Onion after successfully hacking actual, usually reliable news sources on Twitter? No matter how odd the choice was, here’s the truth according to The Onion: The hack attack penetrated the publication with at least three methods of phishing attacks, also known as sending links that gain control of one’s email account under the guise of receiving really important information – a trick a lot of people still fall for.
In a write-up detailing how the hacking happened, The Onion explained that the Syrian Electronic Army first sent out emails to a few Onion employees containing links disguised as a Washington Post story about their organization. Of course, any self-respecting journalist would jump at a chance to check out a tip … only it wasn’t a tip, but rather a malicious link that lead to another malicious link until it finally landed on a page that asked for login details. The last link bore the word Google in its extra-lengthy URL – which would probably raise flags for Internet savvy users – making it easy for anyone to quickly make the assumption of its legitimacy and right for asking one’s password to Google Apps before redirecting to Gmail.
All it took was for one Onion employee to fall for this trickery. Once the hackers got into the account, they used it to send out more of the same email to other Onion employees, who by nature wouldn’t question the act since it came from a source they trusted.
A lot of staff members clicked the link and stopped as soon as they were asked to enter log in details, but just like the first phase of the phishing attack, all it took was two more employees to fall for the trap, and one of them happened to have social media account access.
The Onion became aware of this breach quickly and sent out alerts to everyone to change their email passwords. The Syrian Electronic Army, however, became unstoppable at that point – they successfully avoided being thwarted right away by modifying their original phishing email to look like a password-reset link and sending it out to a few more people, excluding staff members who worked in the IT department. This third and final phase of the phishing attack affected two more accounts, and one of those accounts happened to be the back-up email for regaining Twitter access, just in case hackers took control of it.
Instead of feeling duped and defeated, The Onion took this opportunity to publish an article relating to the incident. They also forced a company-wide password reset for every Google Apps account owned by staffers to ensure that potential security breaches caused by the Syrian Electronic Army are nipped at the bud. “In total, the attacker compromised at least five accounts. The attacker logged in to compromised accounts from 18.104.22.168 which is also where the SEA hosts a website,” revealed The Onion in a blog post.
“Don’t let this happen to you,” The Onion warned in big, bold print. They ended their report by providing tips on how to prevent this sort of attack from happening. While most of them pertain to people who work for a company or organization, some of them are pretty obvious: Analyze the links you receive and be extra wary of ones that ask for login details, and anyone can be a victim of a phisher – your boyfriend, your best friend, your boss, even your mom (especially your mom). Make sure to tell them to be extra careful as well.
We recently were able to talk with the Syrian Electronic Army about its rash of Twitter hacks and the motives behind them.