Syrian hacktivists find new way to target Reuters

The Syrian Electronic Army (SEA) has found a new way of targeting the Reuters news agency, highlighting the need for greater supply chain and partner security.  

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

Since May 2011, the hacktivist group, which is loyal to Syrian president Bashar al-Assad, has attacked several media organisations.

In July 2013, the Thompson Reuters Twitter account was suspended for investigation after it taken over by the SEA, which tweeted links to several political cartoons supporting Assad.

At the time, security analysts said the SEA's success suggested that media firms still had a way to go in protecting themselves from phishing attacks that tricked employees into revealing their Twitter account credentials.

But in the latest attack on Reuters at the weekend, the SEA was able to redirect visitors to its own content, despite enhanced security, by going through a third-party advertising network instead.

The redirection was achieved by compromising New York-based Taboola, which loads code into the Reuters website to display recommended web content, according to security researcher Frederic Jacobs.

“It is still unclear how Taboola was compromised, but given SEA’s track record, phishing would be my first guess,” he wrote in an article posted on Medium.com.

According to Jacobs, compromising Taboola makes the value of the compromise significantly higher than just compromising Reuters.

“Taboola has 350 million unique users and has partnerships with the world’s biggest news sites, including Yahoo, the BBC, Fox News and the New York Times,” he said.

The latest SEA attack could mean any of Taboola’s clients could now be compromised at any time, Jacobs warned.

The Taboola attack highlights that fact that any website’s security is dependent on the weakest of any third-party analytics or advertising networks.

“Any of them is able to take over your website and potentially steal your users’ data or trick them into installing malware,” said Jacobs.

To prevent such attacks, system administrators should minimise the number of third-party providers they need to trust and ensure that two-factor authentication is used for all credentials, he said.