Feeds

Techies at The Onion: Here's how Syrian Electronic Army hacked our Twitter

New password: OnionMan77

Remote control for virtualized desktops

Techies at satirical news outfit The Onion have posted an informative explanation about how pro-Assad hacktivists from the Syrian Electronic Army hijacked their official Twitter account on Monday.

Previously the Syrian Electronic Army (SEA) has shanghaied its way into the official Twitter feeds of AP and the Guardian, using the former to post a tweet falsely claiming that there had been an explosion at the white House. The tweet caused the Dow Jones to briefly plummet, before stocks recovered after everyone realised it was a hoax.

We don't know how the keys to the AP or Guardian feeds were purloined, but in Monday's break-in to @theonion the SEA used a multi-phase phishing attack, techies at "America's Finest News Source" explained.

The first phase of the assault attempted to trick Onion staff into following a link purportedly to an article about The Onion published by The Washington Post. That link led to a fake site set up by hackers that requested Google Apps credentials. In turn, these credentials allowed the hacktivists to get into the Onion's Gmail accounts.

Hackers then used the compromised accounts to send out further phishing emails along the same lines - but this time the emails came from a trusted source. At this point the hacktivists struck gold: one of the two compromised accounts was associated with The Onion's social media accounts, allowing the pro-Assad group to hijack @TheOnion. Followers wondered whether or not updates such as “UN retracts report of Syrian chemical weapon use: Lab tests confirm it is Jihadi body odor” were unusually edgy satire or a sign that the feed had been kidnapped.

Th3 Pr0, a member of the SEA, told The New York Times that his crew targeted The Onion because of a recent parody supposedly put together by Syrian President Bashar Al-Assad, entitled: “Hi, In The Past 2 Years, You Have Allowed Me To Kill 70,000 People.”

The attack prompted techies at The Onion to email staff advising them to change their passwords. The hacktivists responded with an attempt to sow confusion by sending out a fake password reset message with links back to their credential-stealing page. Cannily, the SEA ensured none of these phishing emails went to anyone on the Onion's tech support team. This fresh assault trapped two new victims, one of whose accounts was subsequently abused to keep control of the seized Twitter profile.

The Onion's editorial team responded to the hack by posting articles mocking its attackers, such as "Syrian Electronic Army Has A Little Fun Before Inevitable Upcoming Deaths At Hands Of Rebels". The SEA briefly (and humourlessly) retaliated by posting editorial email information on Twitter before the account was returned to its rightful owners.

In the aftermath of the hack The Onion's techies said user education about phishing is a vital first step against guarding against attacks against corporate social networking feeds.

Taking over a Twitter account is possible through a variety of mechanisms including phishing, password guessing, weak password reset set-ups and use of the same login credentials on Twitter and a site that becomes the victim of a password database compromise.

Isolating Twitter-linked accounts from regular email accounts and other preventive steps can limit the scope for mischief that arises from successful phishing attacks, while having alternative ways to contact employees if anything goes wrong can help resolve the results of any security breach quickly, the Onion tech team further suggests.

Two-step authentication techniques, such as sending a code by SMS to pre-registered phones to confirm password changes or use of tokens, promises to clamp down on account hijacking, which has peaked over recent weeks. Twitter is set to roll out two-step authentication in the near future.

All this sounds fair enough, and far better than the satirical notice that "The Onion Twitter password has been changed to OnionMan77" or its top tips for other media outlets on how to avoid getting hacked.

Additional security-related comment on the incident, alongside screenshots of several fake Tweets put out by the SEA, can be found in a blog post by Sophos. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.