News websites hacked with ‘Syrian Electronic Army’ pop-up

A Thanksgiving attack across many Western news and information websites left visitors facing JavaScript pop-ups telling them they had been hacked by the Syrian Electronic Army, according to CNET.

A wide range of sites, including CNBC, the Canadian Broadcasting Corporation and the Boston Globe in North America, and The Telegraph, OK Magazine and Time Out in the UK, were attacked via an exploit in the websites’ content delivery networks.

CNET describes the attack as ‘indirect’, switching addresses through Gigya – “a startup that handles identity matters”. The attackers didn’t gain access to Gigya’s servers, but redirected traffic to their own, which resulted in a pop-up message that told users “You’ve been hacked by the Syrian Electronic Army.” The Independent – one of the sites hit by the attack – claims that Gigya’s DNS records were changed through GoDaddy.

In a blog post on the subject, Gigya’s CEO Patrick Salyer was emphatic that there was no serious risk from the breach, despite the message, saying, “To be absolutely clear: neither Gigya’s platform itself nor any user, administrator or operational data has been compromised and was never at risk of being compromised. Rather, the attack only served other JavaScript files instead of those served by Gigya.”

“Gigya has the highest levels of security around our service and user data. We have put additional measures in place to protect against this type of attack in the future,” he added.

Despite this, the attack will have unsettled those who saw the messages during their visits to well-respected sites. As CNET puts it: “Nevertheless, the attack, which was very visible to many users, shows the influence a hacking group can have even without getting detailed customer data. And with major attacks on companies like Target, Neiman Marcus and Home Depot fresh in mind, people have a right to be on edge.”

 

Author , ESET

Copyright © 2016 ESET, All Rights Reserved.