The latest victim of the Syrian Electronic Army is ShareThis.com, the popular sharing platform. ShareThis is only the latest in a long line of Internet companies targeted by the hacktivists.The hackers gained access to the GoDaddy account of ShareThis.com and altered the nameserver settings so that the site’s visitors would be redirected to the Syrian Electronic Army’s official website.
Cisco experts have been monitoring the situation and they’ve confirmed that ShareThis.com’s GoDaddy account had been overtaken by the hackers.
“A whois lookup informs us that the ‘sharethis.com’ domain name is registered at GoDaddy, and typically it has its nameservers pointed to Akamai. However starting on the 21st of August, the nameservers for ‘sharethis.com’ were pointed to nameservers used by the Syrian Electronic Army,” Cisco’s Jaeson Schultz noted.
On August 21, ShareThis representatives informed their customers on Twitter that their website was experiencing some “technical difficulties.” However, they didn’t mention anything about a hack, at least not publicly.
In addition to hacking ShareThis’ domain account, the hacktivists have also breached at least one company email account.
The Syrian Electronic Army has provided HackRead with a couple of screenshots showing email conversations between ShareThis staff.
The emails show that ShareThis was aware of the GoDaddy account hack. All employees were advised to change their passwords.
Up until recently, the Syrian Electronic Army has targeted media organizations directly. However, over the past few weeks, they’ve started targeting third parties – such as Outbrain and SocialFlow – used by media organizations.
Jaeson Schultz makes an interesting point: “This presents an interesting security dilemma for media organizations and their visitors. Essentially, being only as strong as their weakest link, media sites depending on third-parties for content have increased the chances of their users being compromised by attackers.”