The hacktivist group, the Syrian Electronic Army (SEA), seems to know no bounds. It’s smaller than any army on earth, yet its cyber warfare is making a big impact. The latest victim is CNN.
The SEA has successfully breached the news broadcaster’s social media accounts and blogs. The attack follow’s the group’s Microsoft social media invasions earlier this month.
"Syrian Electronic Army was here . . . Stop lying . . . All your reports are fake!" was the message SEA left on CNN’s primary Twitter account. CNN reported that its main Facebook account, “Politics” Facebook account and Twitter accounts for its “Security Clearance” were also compromised, along with blogs for Political Ticker, The Lead, Security Clearance, The Situation Room and Crossfire.
Freedom of Speech?
“The posts were deleted within minutes and the accounts have since been secured,” CNN reported. “Another post Thursday night on a Twitter account purportedly tied to the group said it was retaliating for "viciously lying reporting aimed at prolonging the suffering in Syria."
CNN is hardly the first media outlet to fall victim to the SEA. Like Anonymous, the SEA has made quite a name for itself in the hacker world. The hacktivist group has targeted many media sites, including the New York Times, the Washington Post, the Financial Times, the Associated Press, The Guardian, Twitter and Twing, over the past year.
The SEA's high-profile media hacking spree began in early 2013. The common running theme: the papers reported stories SEA didn't like. The New York Times was among the hardest hit, suffering a 20-hour outage after the SEA attack.
We caught up with Graham Cluley, an independent security analyst in London, to get his take on the CNN attack. He told us the 24/7 news network is not the first to fall victim to the SEA and almost certainly won’t be the last.
“Clearly, some media organizations still haven't heard the lesson, and have staff who are continuing to fall for spearphishing attacks which steal their passwords,” Cluley said.
“Employees need to be trained to be more cautious about unsolicited emails, and social media teams should ensure that they are not using the same passwords in multiple places and that they have protected their accounts with two factor authentication,” he added.
Picking on Microsoft
The SEA has hit Microsoft several times. First, the Syrian Electronic Army hijacked a few of Redmond’s Twitter accounts. Next, the group invaded the company’s official blog. Then, the SEA hacked into Microsoft’s Office Blogs site.
Earlier this week, the hackers took to Twitter with proof positive in the form of a screenshot of the Microsoft Office Blog site. The SEA article was titled “Hacked by the Syrian Electronic Army” and was placed next to “Office 15-Minute Webinars” and “Top 5 Reasons to attend Sharepoint Conference 2014” on the blog’s home page.
Microsoft was quick to take down the article, but Google searchers can still find the cached image. The attack comes as Microsoft rolled out a new design for its Office Blog site -- complete with a new content management system (CMS) -- on Monday and the SEA’s Twitter message reads, “Dear @Microsoft, Changing the CMS will not help you if your employees are hacked and they don’t know about that.”