The hackers used phishing emails to trick staffers into handing over their passwords

May 9, 2013 13:23 GMT

A couple of days ago, the notorious Syrian Electronic Army managed to break into The Onion’s systems and hijack the news satire organization’s Twitter account. After addressing the breach, the publication’s tech team published a post detailing how the hackers gained unauthorized access.

It turns out that the hackers once again relied on phishing emails (see screenshot) to trick The Onion employees into handing over their passwords. At least five accounts were compromised, and the method was fairly unsophisticated.

The emails purported to link to a Washington Post article, but the links actually led to a phishing page imitating the Google Apps login.

At least one employee fell for it and provided the hackers with a username and a password.
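The lure described above, a link whose visible text reads as a Washington Post URL while its href points at a credential-harvesting page, is the kind of mismatch a mail filter can catch mechanically. The following Python script is an added example, not code from The Onion or from the original article: it extracts every anchor from an email body, compares the domain named in the visible text with the domain the href actually goes to, and separately flags credential-related calls to action such as "reset your password". The sample email body and the phishing hostname accounts-google.example.net are constructed for illustration, and the two-label "registered domain" heuristic is an assumption that stands in for a real public-suffix lookup.

```python
"""Flag anchors whose visible text and href disagree, plus credential lures.

Added example; not The Onion's code and not from the original article.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body mimicking the lure in the article: the visible link
# reads as a Washington Post URL, the href goes to an invented phishing host.
SAMPLE_EMAIL_HTML = """
<p>Thought you'd find this interesting:</p>
<p><a href="http://accounts-google.example.net/ServiceLogin?continue=docs">
http://www.washingtonpost.com/world/syria-onion-story</a></p>
<p>Please <a href="http://accounts-google.example.net/reset">reset your password</a>
as soon as possible.</p>
<p>Official site: <a href="https://www.theonion.com/">www.theonion.com</a></p>
"""

CREDENTIAL_WORDS = ("password", "reset", "verify", "sign in")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude eTLD+1 (last two labels). Assumption: fine for .com/.net demo
    hosts; a production filter would consult the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(text):
    """Hostname if the visible text looks like a URL or bare host, else None."""
    stripped = text.strip()
    if not stripped or " " in stripped:
        return None  # sentences like "reset your password" are not hosts
    candidate = stripped if "://" in stripped else "http://" + stripped
    host = urlparse(candidate).hostname
    return host if host and "." in host else None


def analyze_links(html):
    """One finding per anchor: href, visible text, and a list of reasons."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        reasons = []
        href_host = urlparse(href).hostname or ""
        text_host = host_of(text)
        if text_host and registered_domain(text_host) != registered_domain(href_host):
            reasons.append(f"visible text says {text_host} but link goes to {href_host}")
        if any(word in text.lower() for word in CREDENTIAL_WORDS):
            reasons.append("credential-related call to action")
        findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


def suspicious_links(html):
    """Only the anchors that triggered at least one reason."""
    return [f for f in analyze_links(html) if f["reasons"]]


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL_HTML):
        print(finding["href"], "<-", repr(finding["text"]), "|", "; ".join(finding["reasons"]))
```

On the sample body the Washington Post lure and the "reset your password" link are reported, while the genuine www.theonion.com link passes because its visible text and href share a registered domain. The second rule is what would have caught the dupe password-reset email described later in the article, since a reset link pointing anywhere other than the organisation's own login domain deserves a human look.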

Once they had access to that staffer’s account, they started sending more phishing emails from it. Because these emails now came from a trusted colleague, even more employees clicked the links, and two of them entered their credentials on the phishing page.

One of them had access to all of the publication’s social media accounts.

“After discovering that at least one account had been compromised, we sent a company-wide email to change email passwords immediately,” The Onion Tech Team explained in a blog post.

“The attacker used their access to a different, undiscovered compromised account to send a duplicate email which included a link to the phishing page disguised as a password-reset link. This dupe email was not sent to any member of the tech or IT teams, so it went undetected.”

At least two more accounts were compromised in this phase of the attack, since the password change had only been requested by email rather than enforced. This allowed the Syrian Electronic Army to keep accessing The Onion’s Twitter account.

Once editors started publishing satirical articles related to the hack, the hacktivists became angry and started posting screenshots of editorial emails on their own Twitter account.

Finally, the issue was addressed by forcing a password reset on every employee’s Google Apps account.