Syrian hacking group places pop-up message on websites

  • Published
Hack
Image caption,

The SEA made its message pop up on some media websites

A number of websites have been compromised to display a message from a group identifying itself as the Syrian Electronic Army (SEA).

Betting site William Hill, the Daily Telegraph, Independent and La Repubblica newspapers and broadcaster CNBC were among those affected.

The attack was carried out by targeting a third-party widget used by the sites.

The companies affected have stressed that their visitors' personal data remained safe.

A worker at Gigya, a California-based customer identity management service, confirmed to the BBC that the hackers had mounted the attack by changing its domain name system entry.

DNS records match the names of websites and other internet services with strings of numbers that act as their internet protocol (IP) addresses, somewhat like a phone book.

By changing some of Gigya's domains, which were registered with a company named GoDaddy, the hackers were able to redirect visitors to their own webpages or alternatively activate pop-up messages.

"This opens up the door for wider propagation of their message as essentially the ad network is doing their work for them," said Jen Weedon, an analyst at security company FireEye.

GoDaddy, the firm acting as Gigya's domain registrar, later released a statement of its own.

"After conducting a thorough investigation into the Gigya.com situation, we found that an attacker had access to Gigya.com's email account information, including its password," said Todd Redfoot, GoDaddy's chief information security officer.

"The attacker then used our standard password reset process to gain GoDaddy account access and made DNS changes.

"We have since assisted the customer in regaining account access and reversing the DNS changes. There is no indication how the attacker was able to access the customer's email account involved in the reset process, but we're confident our systems were not comprised and remain secure."

Past attacks

In 2013, SEA carried out a DNS-related attack that made it temporarily impossible to access the New York Times and Huffington Post.

Other victims have included social media platforms belonging to the BBC, the Associated Press, the Guardian and Skype.

The group also managed to place its own links on the sites of the Washington Post, CNN, and Time magazine last year after compromising a recommendation service used by the organisations.

Image caption,

An account associated with the SEA posted this screenshot after the attack

However, the hacking collective had been relatively quiet of late.

"Happy thanksgiving, hope you didn't miss us," said a message posted to a Twitter feed that appears to belong to the organisation,

It was accompanied by a message critical of Isis, a reference to the Islamic State terrorist organisation, which is fighting against Syria's President Bashar al-Assad.

Related internet links

The BBC is not responsible for the content of external sites.