Yep, my wife called me to alert me to all the fun she was having on the Forbes website.
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
The Syrian Electronic Army has compromised a number of news websites – apparently through DNS redirects via Gigya, a customer identity management platform used by all the sites. The Pro-Assad javascript popup appeared across several websites, including The Telegraph, The Independent, Forbes, Time Out, PC World and The Evening …
COMMENTS
-
Thursday 27th November 2014 13:55 GMT Google
Adblocks are more than an eliminator of annoying ads, they're a security measure. It's not a rare occurrence for ad networks to serve up malware.
Imagine if they decided their network of Syrian fighters could use some extra funds and targeted Flash instead, for your banking credentials to be sent right back the first time you log in to your banking site.
-
Monday 1st December 2014 07:05 GMT Wzrd1
Re: Adblocks......they're a security measure...
"Do it in the HOSTS file, it's cleaner, more foolproof and you don't need bloaty BHOs installed on every browser you use."
Been doing that myself after getting malware warnings from my antivirus/firewall. If it's alerting on malvertisement now, one shudders to consider zero-day attacks that AV/FW may not notice.
-
Thursday 27th November 2014 14:06 GMT Bloakey1
Gigya the Culprit
Yup. US National Hockey League, The Standard, OK Magazine, parts of the Telegraph, Ferrari, Forbes, PC World, Dell, Microsoft, etc. etc.
It appears that they launched an attack through Gigya using DNS redirects, so independent.co.uk redirected to http://i.imgur.com/qD53RZY.png which is an FSA page that displays their logo.
Pulling up other pages on the site such as cricket, sport etc. did not show the same behaviour and things were as normal. So all in all, no brilliant skilled attack using zero-day exploits or spear phishing, just the normal basic redirection to their site.
Apparently they are supporters of a charming chap called Bastard al Assad, a medical chap and not the kind of man to inflict unspeakable carnage and horror on his people. A pink and fluffy chap and the kind of man you would like to have a few pints with down the local boozer.
-
Thursday 27th November 2014 15:26 GMT Anonymous Coward
Re: Gigya the Culprit
Yes, just to clarify this is the guy inflicting unspeakable carnage on the country, not to be confused with the guys fighting him who're also inflicting unspeakable carnage on the country, as well as the country next door, with guns and money the west sent them last year. They also have an active internet promotional effort, which involves beheading western charity workers on video, though all things considered I'd prefer they too just stuck to javascript popups on the Indy.
-
Thursday 27th November 2014 20:03 GMT veti
Re: Gigya the Culprit
To be clear, Gigya is a company whose marketing pitch is "We'll help you stalk people who visit your website".
If only we had a complete list of everyone affected by this hack, we'd have a great list of websites to avoid in future. Not because they're insecure, just because they're scum.
-
Monday 1st December 2014 07:15 GMT Wzrd1
Re: Gigya the Culprit
"If only we had a complete list of everyone affected by this hack, we'd have a great list of websites to avoid in future. Not because they're insecure, just because they're scum."
My company had part of its internet presence interrupted by this, according to our security teams.
My only remark was, *never* deal with anyone who uses GoDaddy.
-
Monday 1st December 2014 07:15 GMT Wzrd1
Re: Al Jazeera Hackathon
As I personally know quite a few of the Al Jazeera team, I'll take their word for it, rather than your innuendo.
From the site:
"Canvas is a platform for experimentation, and it is being kicked off with an inaugural hackathon. We’re creating a space to explore and invent solutions to challenges that advance humanity while also pushing forward media and open source technologies. At the hackathon, you can collaborate with some of the most innovative minds in media and journalism to imagine the future of news and information. What will you create with a blank canvas? We are taking applications for designers, developers, media experts, and people with a passion for social innovation to join us for the inaugural Canvas hackathon on November 29th – December 1st, 2014."
-
Friday 28th November 2014 19:13 GMT @Cloudmark
Websites are only as secure as their weakest components
The Syrian Electronic Army is claiming to have hacked a number of sites, but evidence points to an advertising network at the heart of the attacks. This attack combines two weak points in the Internet's infrastructure, ad networks and DNS – and highlights how both were not built with security in mind.
A website is only as secure as the weakest component on that website. If you display adverts from a third party advertising network, your visitors are vulnerable to any security holes on that advertising network. We saw how problematic this can be recently when visitors to AOL, Match.com and Yahoo! clicked on a malicious advert and were then infected with the Cryptowall ransomware. The DNS system, one of the fundamental building blocks of the Internet, dates back to the days when everyone on the network trusted everyone else. Security in the DNS system has come as an afterthought and therefore, taking control of someone else's DNS account does not require any great technical expertise. It can be as simple as tricking the registrar into assigning the account to someone else.
The Syrian Electronic Army are experts at social engineering and spear phishing. Most registrars would think twice before changing ownership of the domain name of a major newspaper to another owner - though it did happen to Craigslist recently - but they probably won't pay the same attention to the domain name of a startup ad network.
Securing the internet's infrastructure has been a continuous discussion within the technology industry, and threats like this bring the conversation back into the spotlight. Large parts of the Internet's infrastructure need to be rebuilt from the ground up to be more secure. DNS is one of those parts. The controls on transfer of domain ownership need to be tighter, requiring at minimum dual factor authentication, with the option of certificate or key based authentication for mission critical domain names. However, the DNS protocol itself is also subject to abuse. It can easily be used for DDoS amplification attacks such as the one on Spamhaus, and also lends itself to other abuses such as data exfiltration and botnet C&C. It can represent a single point of failure for critical systems, and as such, must be considered a key security concern for any enterprise.
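
Added example, not part of the comment above or of any vendor's tooling: a site owner's check that lists the third-party hosts a page loads scripts from and compares each host's DNS zone against a pinned nameserver set, so a changed delegation on a vendor domain is flagged. The domain names, the pinned baseline and the observed NS answers are constructed; in practice the observed set would come from a resolver query.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptHosts(HTMLParser):
    """Collect the hostname of every external <script src=...> on a page."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        host = urlparse(src).hostname if src else None  # None for relative URLs
        if host:
            self.hosts.add(host.rstrip("."))

def third_party_hosts(html, first_party):
    parser = ScriptHosts()
    parser.feed(html)
    return {h for h in parser.hosts
            if h != first_party and not h.endswith("." + first_party)}

def delegation_findings(hosts, pinned_ns, observed_ns):
    """Compare each script host's zone against its pinned NS set."""
    findings = {}
    for host in sorted(hosts):
        # Longest pinned zone that is a suffix of the host, if any.
        zones = [z for z in pinned_ns if host == z or host.endswith("." + z)]
        if not zones:
            findings[host] = "unpinned"
            continue
        zone = max(zones, key=len)
        seen = {n.lower().rstrip(".") for n in observed_ns.get(zone, ())}
        if seen != pinned_ns[zone]:
            findings[host] = f"NS changed for {zone}: {sorted(seen)}"
    return findings

# Constructed sample data: page markup, pinned baseline, resolver answers.
PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://static.news.example/app.js"></script>
<script src="//cdn.identity-vendor.example/sdk.js"></script>
<script src="https://tags.adnet.example/t.js"></script>
</head></html>"""
PINNED = {"identity-vendor.example": {"ns1.dnshost.example", "ns2.dnshost.example"}}
OBSERVED = {"identity-vendor.example": ["ns1.unknown-dns.example.", "NS2.unknown-dns.example"]}

def run_sample():
    return delegation_findings(third_party_hosts(PAGE, "news.example"), PINNED, OBSERVED)
```

On the sample page the identity vendor's zone is reported with its new nameservers, and the ad host is reported as having no pinned baseline at all.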