News
Syrian Electronic Army Hacks Official US Army Website
June 2015 by Lancope
It has been reported today that the world renowned Syrian hacktivists from Syrian Electronic Army (SEA) hacked and defaced the official website of United States Army. Hackers left a deface page along with a message on the hacked US Army website, blaming the country for training and sending terrorists to fight the Syrian President Bashar Al Assad.
Please see below for comments from Lancope:
TK Keanini, CTO, Lancope: "The take away for everyone should be that, as one outsources and does business with partners, security practices must be considered. Outsourcing websites - whole or in part - still means it is your website and, when breaches occur, it is still your breach. Evaluate and monitor the security of your partners as if it were your own."
Gavin Reid, VP threat intelligence, Lancope: "TK is spot on with SEA. The hack of third parties to compromise the parent organisation is a well known tactic of SEA. They used this same technique to hack a DNS registrar and in-turn compromise Twitter, The New York Times and The Huffington Post. Similarly, the SEA previously compromised “OutBrain” - a third party content recommendation system that allowed SEA to inject their message into the Washington Post, Times and CNN. Looking at CNN there are over 300 separate web connections that occur when a user connects many to third party services. The content providers need to understand and ensure the integrity and security of all those connections."
