The Onion explains how it got hacked by the Syrian Electronic Army

the onion hackedRemember how we all thought it was weird that the rebel organization Syrian Electronic Army targeted satirical news outlet The Onion after successfully hacking actual, usually reliable news sources on Twitter? No matter how odd the choice was, here’s the truth according to The Onion: The hack attack penetrated the publication with at least three methods of phishing attacks, also known as sending links that gain control of one’s email account under the guise of receiving really important information – a trick a lot of people still fall for.

In a write-up detailing how the hacking happened, The Onion explained that the Syrian Electronic Army first sent out emails to a few Onion employees containing links disguised as a Washington Post story about their organization. Of course, any self-respecting journalist would jump at a chance to check out a tip … only it wasn’t a tip, but rather a malicious link that lead to another malicious link until it finally landed on a page that asked for login details. The last link bore the word Google in its extra-lengthy URL – which would probably raise flags for Internet savvy users – making it easy for anyone to quickly make the assumption of its legitimacy and right for asking one’s password to Google Apps before redirecting to Gmail.

sea-phishing

All it took was for one Onion employee to fall for this trickery. Once the hackers got into the account, they used it to send out more of the same email to other Onion employees, who by nature wouldn’t question the act since it came from a source they trusted.

A lot of staff members clicked the link and stopped as soon as they were asked to enter log in details, but just like the first phase of the phishing attack, all it took was two more employees to fall for the trap, and one of them happened to have social media account access.

The Onion became aware of this breach quickly and sent out alerts to everyone to change their email passwords. The Syrian Electronic Army, however, became unstoppable at that point – they successfully avoided being thwarted right away by modifying their original phishing email to look like a password-reset link and sending it out to a few more people, excluding staff members who worked in the IT department. This third and final phase of the phishing attack affected two more accounts, and one of those accounts happened to be the back-up email for regaining Twitter access, just in case hackers took control of it.

Instead of feeling duped and defeated, The Onion took this opportunity to publish an article relating to the incident. They also forced a company-wide password reset for every Google Apps account owned by staffers to ensure that potential security breaches caused by the Syrian Electronic Army are nipped at the bud. “In total, the attacker compromised at least five accounts. The attacker logged in to compromised accounts from 46.17.103.125 which is also where the SEA hosts a website,” revealed The Onion in a blog post.

“Don’t let this happen to you,” The Onion warned in big, bold print. They ended their report by providing tips on how to prevent this sort of attack from happening. While most of them pertain to people who work for a company or organization, some of them are pretty obvious: Analyze the links you receive and be extra wary of ones that ask for login details, and anyone can be a victim of a phisher – your boyfriend, your best friend, your boss, even your mom (especially your mom). Make sure to tell them to be extra careful as well.

We recently were able to talk with the Syrian Electronic Army about its rash of Twitter hacks and the motives behind them

Emerging Tech

Death from above? How we’re preparing for a future filled with weaponized drones

Drones are beginning to enable everything from search & rescue, to the delivery of medicines to hard-to-reach places. But they are also being used as cheap, and deadly flying bombs. How can we defend ourselves?
Social Media

How to turn off Safe Mode in Tumblr

If you've joined Tumblr after hearing tales about the social network's more adult communities, you may be disappointed by how family-friendly it seems. Here's how to turn off "Safe Search" in Tumblr and delve into the site's seedy…
Computing

Protecting your PDF with a password isn't difficult. Just follow these steps

If you need to learn how to password protect a PDF, you have come to the right place. This guide will walk you through the process of protecting your documents step by step, whether you're running a MacOS or Windows machine.
Home Theater

How to make your TV squeaky clean for not much green

Not sure how to clean the LCD, OLED, or plasma display that's the cornerstone of your living room? You don't need to buy expensive cleaning solutions to clean your TV -- we'll teach you how to do it with simple household items.
Computing

Was your Facebook account hacked in the latest breach? Here’s how to find out

Facebook now reports that its latest data breach affected only 30 million users, down from an initial estimate of 50 million accounts. You can also find out if hackers had accessed your account by visiting a dedicated portal.
Mobile

Hinge's new feature wants to know who you've gone out on dates with

With its new "We Met" feature, Hinge wants to learn how your dates are going with matches in its app. That way, it can inject the information into its algorithm to provide future recommendations that better suit its users' preferences.
Social Media

Like a pocketable personal stylist, Pinterest overhauls shopping tools

Pinterest shopping just got a bit better with a trio of updates now rolling out to Pinterest. The first replaces Buyable Pins with Product Pins for more features, including knowing whether or not a product is in stock.
Smart Home

Facebook’s new Portal device can collect your data to target your ads

Facebook confirmed that its new Portal smart displays, designed to enable Messenger-enabled video calls, technically have the capability to gather data on users via the camera and mic onboard.
Social Media

YouTube is back after crashing for users around the world

It's rare to see YouTube suffer serious issues, but the site went down around the world for a period of time on October 16. It's back now, and we can confirm it's loading normally on desktop and mobile.
Social Media

Twitter has sorted out those weird notifications it was sending

Twitter started churning out weird notifications of seemingly nonsensical letters and numbers to many of its users on Tuesday morning. The bizarre incident even prompted Twitter boss Jack Dorsey to get involved.
Photography

Adobe MAX 2018: What it is, why it matters, and what to expect

Each year, Adobe uses its Adobe MAX conference to show off its latest apps, technologies, and tools to help simplify and improve the workflow of creatives the world over. Here's what you should expect from this year's conference.
Home Theater

Facebook might be planning a streaming box for your TV that watches you back

Facebook is reportedly working on a piece of streaming media hardware for your living room with a built-in camera for video calls, something people may not want given the company's recent controversies.
Computing

Adobe’s craziest new tools animate photos, convert recordings to music in a click

Adobe shared a glimpse behind the scenes at what's next and the Creative Cloud future is filled with crazy A.I.-powered tools, moving stills, and animation reacting to real-time tweets.
Social Media

Over selfies and an onslaught of ads? Here's how delete your Instagram account

Despite its outstanding popularity and photo-sharing dominance, Instagram isn't for everyone. Thankfully, deleting your account is as easy as logging into the site and clicking a few buttons. Here's what you need to do.