The websites of UK newspapers the Independent, the Telegraph, and the Evening Standard, as well as a handful of other high-profile sites, have been hacked by the Syrian Electronic Army. Other victims include OK magazine and the official National Hockey League website. Some visitors to these sites were presented with a pop-up, saying, “you have been hacked by the Syrian Electronic Army”. It is thought that they exploited a flaw in the sites’ ad delivery network.
A security consultant at Kroll Cyber, Ernest Hilbert, is familiar with the exploit used, saying, “it was Gigya.” Gigya is a tech company that offers customer identity management for websites. The Syrian Electronic Army exploited a vulnerability with the Gigya CDN that allowed it to change the DNS entry. Hilbert continues, “It is a DNS takeover, and this is what the Syrian Electronic Army does. Normally, you type in a URL, it goes to a domain name server, and it says ‘those words equal this website”.
The attack fits the pattern of past Syrian Electronic Army hacks; news and entertainment outlets compromised, but with no particular political agenda at play. Past targets include BBC News, Al Jazeera, The Washington Post, and The Onion.
Source: The Guardian