How to Keep the Syrian Electronic Army From Hacking You

Recently, The Onion’s Twitter account was hacked by the Syrian Electronic Army, and people on Twitter were really confused. The Onion is one of the leading satirical news organizations in the United States, so when its account started tweeting about the Syrian Electronic Army, it was hard to tell whether it had actually been hacked or was just playing a prank.

Turns out, The Onion was actually hacked, and they gracefully explained how it happened in an article.

We’ll go over it step by step for you. First, on May 3rd, the Syrian Electronic Army began to send phishing emails to a number of employees. As you can see from the screenshot from The Onion below, the email looks incredibly legitimate.

[Screenshot of the phishing email, from The Onion]

As you can see from the image, the email was sent to “undisclosed recipients,” which is already an alarming sign. Personally, I don’t click on links unless I do some research (checking the sender’s address, checking the other recipients, etc.).

The link, which at least one Onion employee clicked on, led to this URL (WARNING: DON’T GO TO THE URL):

http://hackedwordpresssite.com/theonion.php

Which led to this site (WARNING: DON’T GO TO THE URL):

http://googlecom.comeze.com/a/theonion.com/Service.Login?&passive=1209600&cpbps=1&continue=https://mail.google.com/mail/

This URL asked for approval to access Google Apps before going back to the normal Gmail screen.

Because of this, the SEA had access to an Onion employee’s account, which they used to send an email to other Onion staff members at 2:30 AM on Monday, May 6. Since it was coming from another employee, many people clicked on the link provided, but most didn’t enter their information. Unfortunately, two employees did enter their login info, including someone who had access to all of The Onion’s social media accounts.

Then, after people at The Onion realized that an account was hacked, they sent a company-wide memo telling staff to change their email passwords ASAP. But the attackers used their access to a different account to send another email, this one linking to a phishing webpage disguised as a password reset link.

Finally, The Onion’s editorial staff, who were under the impression the hacking threat was dealt with, published articles like “Syrian Electronic Army Has A Little Fun Before Inevitable Upcoming Deaths At Hands Of Rebels,” which angered the attackers, who then launched the attack on The Onion.

How can you defend against such a sophisticated cyberattack? The Onion offered four steps:

1) Make sure users are educated and suspicious of all links that ask for login credentials.
2) Email addresses for your social media accounts should be on a system separate from your organization’s normal email. This will keep your Twitter and other social media accounts safe.
3) You should use a Twitter app like HootSuite or TweetDeck.
4) Have a way to contact your employees outside of your organization’s email address (a personal email).
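
Step 1 can be backed by an automated check on links that ask for credentials. The Python below is an added example, not code from The Onion or from this article: it applies an allow-list test to the second URL shown above, and the trusted-domain list, the brand tokens and the genuine-looking comparison URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts where this organization's staff legitimately enter credentials.
TRUSTED_LOGIN_DOMAINS = {"google.com"}
# Assumption: names an attacker is likely to imitate, including the org's own domain.
BRAND_TOKENS = ("google", "theonion")


def is_trusted(host):
    """True only if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_LOGIN_DOMAINS)


def check_login_link(url):
    """Return a list of reasons the link should not be trusted with credentials."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if is_trusted(host):
        return [] if parts.scheme == "https" else ["trusted host but not HTTPS"]
    findings = [f"host {host!r} is not a trusted login domain"]
    # Brand names in the host or path of an untrusted site imitate the real URL.
    for token in BRAND_TOKENS:
        if token in host:
            findings.append(f"brand {token!r} appears in untrusted hostname")
        if token in parts.path.lower():
            findings.append(f"brand {token!r} appears in path")
    # A query parameter that points at a trusted host makes the link look genuine.
    for name, values in parse_qs(parts.query).items():
        for value in values:
            if is_trusted(urlsplit(value).hostname):
                findings.append(f"parameter {name!r} points at a trusted host")
    if parts.scheme != "https":
        findings.append("not HTTPS")
    return findings


# The second URL from the article, plus a constructed genuine-looking login URL.
PHISH = ("http://googlecom.comeze.com/a/theonion.com/Service.Login"
         "?&passive=1209600&cpbps=1&continue=https://mail.google.com/mail/")
GENUINE = "https://accounts.google.com/ServiceLogin?continue=https://mail.google.com/mail/"

if __name__ == "__main__":
    for u in (PHISH, GENUINE):
        print(u, "->", check_login_link(u) or "ok")
```

The check compares the whole hostname against the allow-list rather than searching for "google" inside it, which is why `googlecom.comeze.com` fails even though the brand name and a real Gmail address both appear in the link.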

If you have any other tips for defending against cyberattacks, or anything else, let me know at ian@heavy.com.