It's still uncertain who sent Forbes the blackmail email

Feb 21, 2014 08:38 GMT

Forbes has published a detailed timeline of the hack attack launched by the Syrian Electronic Army against the company. A member of the Syrian hacktivist group has also provided additional details on the operation.

Forbes’ Andy Greenberg revealed that the attack started with a phishing email sent to one of the company’s senior executives. The email appeared to come from a Vice Media account and carried a link that purported to point to a Reuters article about Forbes.

Because the executive received the email at 6:15 AM, she didn’t pay too much attention to it and took the bait. She entered her email credentials on a phishing site.

Once they had access to the executive’s email account, Syrian Electronic Army hackers used it to send out other phishing emails to Forbes staffers. An editorial staffer with super administrator privileges on the company’s WordPress publishing platform fell for it and provided his credentials as well.

He realized almost immediately that his details had been phished, so he contacted Forbes’ IT department, which reset his credentials. A financial reporter also fell for a “stealthier version” of the phishing attempt.

Experts believe that the Syrian Electronic Army could have leveraged a cross-site request forgery (CSRF) vulnerability to publish a couple of posts on the financial reporter’s blog.

One of the posts read, “BREAKING: US Treasury declares all foreign T-bills void. Yellen to hold a press conference in 15 minutes.” The second one read, “Yellen to press: ‘We can no longer tolerate China’s currency manipulation’.”

A member of the hacker group, SEA Wr4th, told Forbes’ Kashmir Hill that the articles were published in an effort to divert attention while they gained deeper access.

Forbes’ IT staff kept trying to lock the hacktivists out, but couldn’t because the attackers had leveraged the WordPress “forgot password” function to regain access to a high-privilege account.

SEA Wr4th told Hill that they could have caused even greater damage. The pro-Assad hacktivists published the details of over 1 million Forbes readers online, but the data was available only for around 24 hours.

Wr4th confirmed that Forbes was targeted because of its editorial content, particularly an article regarding SEA’s attack on a US Marines website, and one about adult content being found on the computers of the Syrian secret police.

The hackers had planned on publishing their own article on Forbes’ website, but they said “the time window was too small” and the company would have taken it down immediately anyway.

However, there’s still one piece of the puzzle that’s missing. A couple of days ago, Forbes’ Lewis Dvorkin revealed that hackers had tried to blackmail the company.

The email in question read something like this: “Hello Forbes. I found gabs in your servers thats allowed me to download all your databases. i can help you to avoid this again. but i want something in return like fees. the proof that i hacked your databases is this screenshot. its only 1 million user. NOTE: I have some roles. ROLE NUMBER 1. Do not delay in reply.”

It was signed by Ethical Spectrum, the hacker who last week hijacked some accounts of video game developer Supercell. However, Ethical Spectrum denied sending the email, saying that he had only learned of the attack on Forbes from SEA’s Facebook page.

SEA also denies sending the email in question. At some point, the hackers wrote on Twitter that they wanted to sell the data stolen from Forbes. However, SEA Wr4th said that it was only a joke.

“We don’t need money and we didn’t emailed you requesting ‘fees’ like you said in your article. We hacked more important websites than yours and we didn’t request anything,” he told Hill.