Hackers used advertising network to carry out the attack

Jun 23, 2014 08:10 GMT  ·  By

On Sunday, all readers trying to access any article on reuters.com were redirected to a landing page on a website controlled by the Syrian Electronic Army (SEA), supporters of Syrian President Bashar al-Assad.

The page contained the message in the image above, and this time, unlike other occasions, the Reuters website or employees were not at fault, as the hackers directed their phishing efforts towards the advertising network Taboola, that loads code dynamically into Reuters’ website in order to display recommendations.

According to Taboola, each month, their content discovery platform serves 130 billion recommendations to more that 350 million unique users on prominent websites such as USA Today, TMZ, Time and Fox Sports.

On the company’s blog, Adam Singolda, founder and CEO of Taboola, confirmed the intrusion and that it was carried out through phishing.

“While we use 2-step authentication, our initial investigation shows the attack was enabled through a phishing mechanism. We immediately changed all access passwords, and will continue to investigate this over the next 24 hours,” he writes.

It appears that the entire incident lasted for about an hour and all suspicious activity on the Taboola network has been eliminated since the breach.

“The breach was detected at approximately 7:25am, and fully-removed at 8am. There is no further suspicious activity across our network since, and the total duration of the event was 60 minutes,” informed Singolda.

As the message says, the attack was caused by the group’s belief that Reuters publishes fake reports and false articles about Syria.

The Syrian Electronic Army used Twitter to deliver the news that the articles on Reuters.com led to a page under their control.

SEA has attacked numerous media organizations over the past years and their attack methods include denial-of-service, website defacement and phishing. They are known for hijacking the Twitter accounts of Wall Street Journal, hacking several Microsoft services, as well as for breaching administrative accounts for Forbes website.

The members of the group are not affiliated to any governmental organization, but took upon themselves “the initiative of protecting the homeland and supporting the reforms of President Bashar al-Assad, who we see as the right option for our aspirations as youth.”

A while after letting their followers know about the attack, SEA posted on Twitter an image with the Taboola PayPal account:

Phishing campaigns are not to be taken lightly because the attackers can be very good at doing their homework on the target in order to reach their goal through social engineering tactics.