What can the latest Syrian Electronic Army attack teach us?

A few readers who noticed have asked me why I didn’t refer to yesterday’s attack by the Syrian Electronic Army as a “hacking” in my coverage (other than referring to SEA as “hackers” for simplicity’s sake).  It’s a good question, and one from which we can learn.

To summarize what happened yesterday, the attack was not on the NY Times, Twitter or Huffington Post UK directly.  The source of the problem was a web hosting and domain registration provider, Melbourne IT, of which the aforementioned are customers.  One or more individuals were able to obtain the login credentials of one of Melbourne IT’s reseller partners and then use those credentials to access the system and change the DNS records of several domain names on that reseller account. Once the changes were made, they were applied at a higher level of domain management.

What that means in layman’s terms is that when you typed “nytimes.com” into a browser, the system was unable to recognize the site by its name, as opposed to by its numerical IP address.  For Twitter, the issue impacted one of its domains used for image serving.

I’m simplifying this significantly so as not to bore anyone with the technical details.

Whether you care anything about the NY Times or Twitter or any other site for that matter, what’s important about yesterday’s attack is that it could have happened to just about anyone in any other number of circumstances.

Sometimes it doesn’t take “hacking” to gain access to something you’re not supposed to be permitted to access.

More has come out since last night, explaining that the individual(s) with the Syrian Electronic Army were able to gain access and change the records in the first place because of a phishing email – that’s an email that tricks the reader into performing an action by appearing to be legitimate.

From the LA Times:

The U.S.-based sales partner’s credentials ended up in the hackers’ hands after a targeted phishing attack was directed at the firm’s staff, Melbourne IT Chief Technology Officer Bruce Tonkin said early Wednesday. Essentially, several people at the U.S. firm were duped by emails that coaxed them into giving up log-in credentials. “We have obtained a copy of the phishing email and have notified the recipients of the phishing email to update their passwords,” Tonkin said in an email. “We have also temporarily suspended access to affected user accounts until passwords have been changed.” Late Tuesday, Melbourne IT spokesman Tony Smith said the company was reviewing how to improve security. “We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies,” he added.

Why should I care, you ask?

Because this can happen to everyday people, too.  You could be asked to verify login credentials that appear to be from your bank, or another email account, or your Amazon wish list, any number of things.  And if you give them up to an imposter, you could create some trouble for yourself.

And as far as the media being targets of these tactics – it’s by no means the first time the Syrian Electronic Army, for one, has done this – there are greater dangers about this that should concern us.  Like it or not, agree with their point of view or not, media are influencers and the items they report can have an impact on the public.  In the wrong hands, that can go badly.  I often point to the incident in which the SEA hijacked an AP Twitter account and sent out a false tweet that there had been explosions at the White House, which in turn temporarily sent the Dow plummeting.

The same concept could theoretically be applied to situations on the ground.  As we read the news about conflicts across the globe, we are dependent upon the media to keep us informed.  If a media account is compromised and false information sent out in certain situations, it has the potential to agitate conflicts on the ground.  Luckily we’ve not really seen such an instance happen to date that I can recall (we could have, though).  But media have a responsibility to ensure that they are taking precautions to prevent such a thing from happening.  And we as a news-consuming public must, as we always do, remain skeptical and challenge information that might not seem to be quite right (and I’m of course referring to reports outside the typical, usually justified, gripes of bias).

But that prevention also depends upon every link in the chain taking security precautions.

This isn’t limited to the Syrian Electronic Army; this is part of the new age of information and social media, where news flies at the speed of light and can be very difficult to stop when it’s out of the gate. While hijackers, imposters, hackers and the like are often just looking for attention, it doesn’t hurt to think about and do some preventive planning for worse possibilities.

The same applies to each of us personally: it doesn’t hurt to be cautious and practice our own security measures.
