Financial Times’ Twitter, tech blog hijacked by the Syrian Electronic Army

[CyberAbc 290]

Add the Financial Times to the growing list of media companies whose websites or Twitter accounts were hijacked by a group calling itself the Syrian Electronic Army.

On Friday, both the paper's Tech Blog and several of its Twitter accounts were seized by the group. The SEA used its unauthorized access to publish 12 blog posts in four minutes and also sent tweets through the FT's Twitter feeds. One stated "Syrian Electronic Army Was Here." Another linked to a YouTube video which appeared to show bound and blindfolded individuals being executed, according to The Wall Street Journal.

The FT said the accounts were hijacked following a phishing attack targeting company e-mail accounts. That's the same method used two weeks ago to commandeer the Twitter account of parody news site The Onion. Other media companies that have been similarly hacked by the SEA in recent months include the Associated Press, The Guardian, The BBC, and Al Jazeera.

Twitter recently advised media companies to be on the lookout for attacks. The SEA's continuing success suggests media outlets still have a way to go in protecting themselves from phishing, one of the older attacks out there.

Given the SEA's ability, readers may wonder: Just who are these hackers, anyway? Nicole Perlroth of The New York Times found the group first emerged in 2011 as a well-regimented corps that included hundreds of volunteers. At some point, the leaders of that cyber militia disappeared. The current crew "consists of roughly a dozen new actors led by hackers who call themselves 'Th3Pr0' and 'The Shadow,'" Perlroth wrote.