Online vandals calling themselves the "Syrian Electronic Army" have struck again. This morning, they hijacked an article recommendations service used by major US news websites, including The Washington Post, CNN and Time. A box on the The Washington Post's website that usually displays recommended articles from around the web instead showed text reading "Hacked by SEA." The news outlet published an editor's note confirming the website hijacking, and adding that it came after an employee's Twitter account was also hijacked and used to send out Syrian Electronic Army tweets. In another article, The Washington Post said its engineers had linked the attack to Outbrain, the third-party company responsible for the recommendations boxes.
Outbrain itself quickly took to Twitter to confirm it had been hacked, but didn't immediately name who was responsible or who was suspected. In a post on its blog, Oubtrain also said "the breach now seems to be secured."
Due to an attack, our recommendations are down. Our team is working to get our system secure & up shortly. Apologize for any inconvenience.
— Outbrain (@Outbrain) August 15, 2013
A Twitter account under the handle "@Official_SEA16," and name "Syrian Electronic Army," boasted that it had gained access to all three news websites and posted a screenshot (above) of Outcast's compromised interface.
@TIME, @CNN, @Washingtonpost websites hacked in one strike by hacking @outbrain #SEA #SyrianElectronicArmy #Syria pic.twitter.com/5OI1BE2oCM
— SyrianElectronicArmy (@Official_SEA16) August 15, 2013
Other web attacks on major media companies in recent months have been claimed as the work of the Syrian Electronic Army, which is reportedly a group of fans of authoritarian President Bashar al-Assad. Just yesterday, The Daily Beast reported that Syrian Electronic Army hackers gained access to Social Flow, another third party company used by that publication and many others to manage their social media accounts. The Daily Beast later a ran an interview with an alleged member of the hacker group, who said he was one of nine college students.
The self-described hacker said the group's goal was to tell the world there "was no revolution in Syria, but terrorist groups killing people accusing Syrian Arab Army," a reference to the government crackdown on rebels that's led to a bloody, two-year-long civil war in the country. The interview subject also said that he and his fellow hackers weren't being paid by the Syrian regime. Other security experts previously told The Verge that despite mainly perpetrating low-level Twitter and web hacks so far, they thought the group was capable of far more damage. At the very least, the recent spate of attacks are a reminder to media companies to be careful in trusting the security of some of their key communications channels to third-party startups.