Today’s cyber attack from the Syrian Electronic Army is just the latest in a rash of high-profile attempts by the organization to gain control of and disrupt major media outlets.
Unlike past efforts, today’s hack could have lasting, damaging effects.
According to Daniel Cohen, head of Online Threats Managed Services at RSA, a computer and network security company, the attack could have infected thousands — possibly millions — of users with potentially harmful malware. The hack, which infiltrated Outbrain, a third-party recommendation platform, gave SEA access to partner sites like The Washington Post, Time, and CNN and rerouted them to a SEA homepage. Any users redirected to the SEA homepage could have been potential targets.
“The scale of this attack — the possibilities here — I don’t even want to think about them because they’re so scary,” Cohen says. “They could’ve infected millions of users on these high-trafficked sites like CNN. Some of the visitors were being redirected to the SEA site, and any number of things could have happened. They could’ve been infected with malware; possibly other media outlets and businesses could’ve been infected.”
While Cohen took pains to note that it’s still quite early into the investigation of the hack, he notes that it’s entirely possible even government networks could’ve been compromised. “The next notch up here is the government offices. Employees checking news on CNN getting infected with malware makes it possible they could steal information and data or documents if they knew how. Even with the simplest malware today you can run the camera on a laptop and take pictures without the user knowing. This kind of attack is really an eye-opener,” he says.
For now, it’s unclear what level of skill SEA has when it comes to an attack like this. Previous hacks, which targeted social media accounts through standard email phishing scams, have been far more contained. “So far the attacks seem more likely to simply annoy people than convince them of the group’s point of view,” Slate’s Will Oremus wrote after today’s events. For now, that’s largely true — most attacks have been little more than a PR initiative with very little potential for serious damage. However, today’s attacks hint at capabilities for the organization to execute a more insidious, dangerous campaign.
While Cohen notes that the “autopsy” for this kind of attack is ongoing and only in its early stages, he argues today’s events should call into question the hyper-connected nature of not just digital media organizations, but the entire online ecosystem.
“These organizations — you can see it clearly today — are just so interconnected, and the damage that a simple attack can cause is so big,” Cohen says. “The Outbrain attack shows just how delicate this connectivity is and is a sign we all really need to shift our mind-set when it comes to cyber security.”