Syrian Electronic Army phishes Reuters ad partner to post political message

Hijacks Taboola links

The Syrian Electronic Army (SEA) has followed up last week's attacks on The Sunday Times by successfully if briefly hijacking content embedded by the Taboola ad network on Reuters' news website.

According to an admission by Taboola, the SEA breached its defences after a phishing attack that found a way around the firm's two-factor authentication security. This allowed the attackers to change links embedded on Reuters news pages to a site hosting its own message.

"Stop publishing fake reports and false articles about Syria!," read the message, identical in fact to the one posted on defaced The Sunday Times and The Sun newspaper websites only days ago.

"The breach was detected at approximately 7:25am, and fully-removed at 8am. There is no further suspicious activity across our network since, and the total duration of the event was 60 minutes," countered Taboola.

The site had now changed all its passwords, the message said.

Although attacks like this grab attention it appears that defenders are now reacting far quicker to successful compromises. In 2013, it would be hours before sites returned to normal, now it is more likely to be under an hour or even minutes; the newspaper attack was taken down in only 20 minutes for instance.

What is also clear is that faced with better-secured websites, the SEA is going after third-parties associated with those sites that might or might in some cases not have the same level of defences.

This has been a tactic for a while. A good example was the attack earlier this year on domain management firm MarkMonitor that also targeted Reuters.

The most infamous example was the successful hack of Melbourne IT in August 2013 that allowed the SEA to change the domain entries for domains,, and That attack single-handedly boosted the fortunes of domain protection companies the world over.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags ReutersPersonal TechThe Sun

More about Melbourne ITReuters AustraliaSunday Times

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by John E Dunn

Latest Videos

More videos

Blog Posts