Syrian Electronic Army takes credit for hacking popular link referral service Outbrain
Washington Post and several other media websites were hacked on Thursday — sort of. The popular link referral service Outbrain (which TheWrap also uses) was infiltrated by the Syrian Electronic Army, causing its links to go to SEA websites. This was the second major hack by the SEA in the past three days.
Though the Washington Post reported that it was hacked, that appears not to be exactly accurate — the SEA provided screenshots of its work to E Hacking News showing that it was actually Outbrain that was compromised. Outbrain provides several major news sites with a content referral widget that gives readers links to related stories. On CNN, Time and Washington Post's websites, some of those links went to SEA websites.
Washington Post managing editor Emilio Garcia-Ruiz said in a statement that Post employees were "subjected to a sophisticated phishing attack, allegedly by the Syrian Electronic Army" several days ago, but that Thursday's attack appeared to be from an Outbrain hack.
"This morning, some articles on our web site were re-directed to the Syrian Electronic Army's site for a period of about 30 minutes," Garcia-Ruiz said. "The Syrian Electronic Army, in a Tweet, claimed they gained access to elements of our site by hacking one of our business partners, Outbrain. We have taken defensive measures and removed the offending module. At this time, we believe there are no other issues affecting the site."
The SEA has managed to hack into several media outlet websites and Twitter accounts, most recently several NY Post journalists' Twitter account and the newspaper's Facebook page on Tuesday. In an interview with the Daily Beast, SEA leader "SEA the Shadow" said the attack was in response to Twitter shutting SEA's accounts down.
On Wednesday, the New York Times' website went down for over an hour, but the paper claimed it was due to an internal issue and not a hack.
Outbrain's website is currently down, but the company stated on Twitter that its team was "working to get our system secure and up shortly." The company also sent a statement to TheWrap about the matter:
We are aware that Outbrain was hacked earlier today. In an effort to protect our publishers and readers, we took down service as soon as it was apparent. The breach now seems to be secured and the hackers blocked out, but we are keeping the service down for a little longer until we can be sure it's safe to turn it back on securely. We are working hard to prevent future attacks of this nature.