Pro-Assad hackers compromise White House emails, Reuters Twitter feed

Goal of the attacks was to spread pro-Assad messages

The Syrian Electronic Army (SEA), pro-Assad hackers who have targeted various accounts on Twitter maintained by the media, including the Associated Press, three accounts maintained by CBS News, eleven accounts maintained by Britain's The Guardian, have struck again - this time targeting Thompson Reuters and email accounts used by the White House Staffers in charge of social media.

The goal of these attacks was to spread pro-Assad messages, supporting the Syrian leader whose government is entrenched in a civil war that has lasts more than two years, and resulted in more than 93,000 deaths.

The story was first reported by Nextgov.com, and later confirmed by SEA representatives.

The White House staffers were Phished by a set of emails that purported to have originated from the BBC and CNN. The social engineering scheme netted the attackers access to three separate accounts, which were then used to further Phish other White House staffers.

Fortunately, the attack failed. However, the SEA didn't seem to be bothered by this development, as they released what were alleged to be old Twitter passwords for the @whitehouse account on Tuesday, warning them that they'd "gotten lucky this time."

It isn't clear if the incident happened during or after the White House attack, but the SEA also targeted the Twitter account maintained by Thompson Reuters, which was used to spread pro-Assad messages until it was suspended late Monday evening. By Tuesday afternoon, the account had been restored to its status prior to the compromise.

"The Twitter effect is very common - where we see breaking news hit Twitter in some cases before it hits online news sources. Since the social network is becoming increasingly popular as a news source, if attackers can compromise key accounts that have influence over how users get information, they can potentially cause confusion," said Scott Behrens, senior security consultant at Neohapsis.

Like the previous attacks on the other media owned accounts, the SEA's attack on Thompson Reuters was done for propaganda and the amusement of those who carried out the attacks. Part of the SEA's amusement comes from the fact that many of the companies targeted fall victim to basic social engineering techniques, despite the fact that they have established security policies in place for social media and awareness training.

In May, Twitter released a memo on the SEA attacks, and reminded media firms about best practices and encouraged them to revisit their own policies for social media security. At the time, Twitter said that they believed the attacks were originating via Phishing attacks, and that they would continue, as it was clear "that news and media organizations will continue to be high value targets to hackers."

As of Tuesday afternoon, the SEA accounts related to yesterday's incidents were either silent or suspended. The group had created other accounts, and warned Twitter that suspending the additional profiles would result in additional hacking.

Read more about data protection in CSOonline's Data Protection section.

Tags: SEA Twitter hack, applications, White House hack, software, Thompson Reuters, Syrian Electronic Army, data protection, social engineering, White House Twitter hack, SEA hack

Hackers prepping for OpenSSL Heartbleed attacks

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Trend Micro Data Loss Prevention

Comprehensive Data Loss Prevention Lowers Cost and Complexity

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.