suspected of being comprised of pro-
Syrian government hacktivists -- on
Tuesday hijacked The New York
Times' website and briefly took over
Twitter's domain name system
servers.
The SEA's main motive is to gain
visibility for its cause, said Jaeson
Schultz, a Cisco threat research
engineer.
"They have claimed on their website
that the portrayal of events in Syria,
especially by Western media, is
inaccurate," Schultz told
TechNewsWorld.
The SEA on Wednesday tweeted that
its website and domain had been
taken down.
Damn Yankees
It could be that the SEA is trying to
intimidate the NYT into changing how
it covers the Syrian civil war, or " The
New York Times was a convenient
target of protest against the U.S. as a
whole," speculated Randy Abrams, a
research director at NSS Labs .
"The other compelling angle is that it
is strongly positive publicity in terms of
garnering support from, and
assuming a position of perceived
authority among, those who are
enemies of the U.S.," Abrams told
TechNewsWorld.
An antiwar message put up on
Pastebin, allegedly by the SEA, states
that for the last three years, "we have
faced a fierce proxy war led by the
gulf oil sheikhdoms and their masters
in the white house."
It dismisses as lies U.S. claims that
Syrian President Assad's regime used
chemical weapons, and hints that the
conflict might spread to the world at
large.
How the Hack Occurred
Melbourne IT, The New York Times'
domain registrar, said the hackers got
into its systems by spearphishing --
sending specially crafted emails --
some employees at one of its U.S.-
based domain agents, or resellers.
The employees provided their email
log-in details and things went
downhill from there.
"Typically, the SEA uses spearphishing
attacks to gain access to email in-
boxes of their targets," Cisco's Schultz
said.
The attack on Twitter essentially failed
because that company had paid extra
for a secondary security feature
offered by Melbourne IT, AP reported.
The NYT did not subscribe to that
feature, which would have protected
it, Melbourne IT Chief Technology
Officer Bruce Tonkin reportedly said.
The attacks apparently were first
discovered by security researcher Nick
Semenkovich, whose Twitter account
carries a chronology of the attacks as
they occurred in near real time.
Open Doors Lead to Security Flaws
This is the latest attack on the media
by the group, which emerged during
the first uprisings in Syria in 2011.
The Guardian, the Associated Press
news service and the Financial Times ,
whose site was hacked in May, are
among the recent victims.
The media is a relatively easy target
because its goal "is to disseminate
information, not contain it," NSS Labs'
Abrams pointed out. "The [media's]
investment in digital security is
probably far lower than in companies
that stand to lose intellectual property
or secrecy."
Further, media organizations exist in a
fast-paced 24/7 news cycle world, and
their employees are not experts in
computer security, Cisco's Schultz
remarked. "This creates a perfect
setting for miscreants who use
spearphishing to steal credentials and
other information."
However, spearphishing is effective
against other targets too. Thirty-three
percent of Fortune 500 executives fall
for phishing attacks, according to
Wombat Security Technologies.
The Wolf at the Door
"Everyone is a target," Alex
Barsamian, lead developer at
FlowTraq , told TechNewsWorld. "No
industry is immune to becoming a
target to hacker groups like SEA."
There is no technological fix behind
what happened, nor is there a real
failure as such, Barsamian contended.
"In this instance, the failure was on
the part of the phisher's marks," he
continued. "What's unsettling is that
someone with the keys to such a big
kingdom was apparently tricked by
the emails in the first place."
The takeaway appears to be that
organizations need to train staff about
the social engineering threat and take
a holistic view of IT security. They
should also pay heed to their security
professionals' suggestions and use
penetration testing as a proactive
measure.
It seems journalists are easy marks
for spearphishers, which puts even
top-drawer publications like the
NYT at risk. The media is a
relatively easy target because its
goal "is to disseminate information,
not contain it," said NSS Labs' Randy
Abrams. "The [media's] investment
in digital security is probably far
lower than in companies that stand
to lose intellectual property or
secrecy."
Courtesy: ECT
No comments:
Post a Comment