The Syrian Electronic Army, a pro-Assad regime group of hackers, has claimed responsibility for cyber attacks on a number of media Web sites including that of the Canadian Broadcasting Corp.
Apart from the CBC, the group also targeted Web sites of organizations like The Telegraph, Forbes, The Chicago Tribune, NBC and others. Many of the sites, including that of the CBC, were back to normal operation by 9 a.m. today.
Many people who visited these sites today were greeted with a popup alert that read “You’ve been hacked by the Syrian Electronic Army (SEA).
The SEA is believed to operate from Syria. It has expressed support for Syrian President Bashar al-Assad and has claimed responsibility for numerous attacks on Western news media in the past.
This particular attack appears to make fun of the American celebration of Thanksgiving Day.
A post on a Twitter account associated with the group read: Happy Thanksgiving, hope you don’t miss us! The press: Please don’t pretend #ISIS are civilians #SEA.
In January this year, two of Microsoft’s Twitter accounts and a primary blog were knocked offline by a group claiming to be the SEA.
High profile news organizations are top targets of hackers that are believed to be backed by governments and regimes, according to a study authored by Morgan Marquis-Boire, senior researcher at the Citizen Lab at the Munk School of Global Affairs at the University of Toronto and Shane Huntley, security software engineer at Google.
The frequency of such attacks appears to be growing, according to one security expert.
“These types of attacks are becoming more prevalent with each passing month,” said Claudiu Popa, security and privacy advisor to Canadian enterprises, associations and agencies and principal of Informatica. “They started a few years ago and now they’re experts in social media.”
“They understand thaty media holds a lot of the public’s trust, so attacking media outlets is a way of destabilizing that trust,” he added.
Claudiu outlined three easy steps companies can take to mitigate such attacks:
- Social media administrators should avoid using a single account for multiple social sites, Web sites abd blogs in order to isolate their exposure to the impact of an attack
- Companies, departments and IT teams need to conduct regular and frequent security assessment for staff
- Change passwords regularly and often
In a recent report security software vendor Websense warned that operations by government-backed cyber terroris will escalate in 2015. The recalled that in 2013 the SEA hijack of the Associated Press Twitter account and falsely tweeted that the White House had been bombed and President Obama was injured.
“Back then this type of attack was exceptional, in 2015 it will likely become the norm,” Websense said.
In the spehere of global cyberwar, Websense said, it foresee the emergence of “new recruits.”
“We will see an increase in loosely affiliated cells that conduct cyber-terrorist or cyber warfare initiatives independent from, but in support of nation-state causes,” the company said.