Syrian Electronic Army hacks NPR, vandalizes headlines

Filed Under: Featured, Twitter

NPR logoThe Syrian Electronic Army appears to have hacked into accounts belonging to the NPR media network, and defaced news stories overnight.

A Google search for the phrase "Syrian Electronic Army Was Here" reveals some evidence of webpages that were hit in the attack.

Syrian Electronic Army in Google search results

The good news is that NPR appears to have cleaned-up the affected webpages, some of which were carrying news of the explosions at the Boston Marathon.

The motive for the hack is unclear, although it's likely that the hackers have not been impressed with NPR's coverage of the situation in Syria. But the Syrian Electronic Army appears to have no desire to explain what made them hack the site.

SEA statement

To their credit, NPR has published an article describing the hack, and issued the following statement:

"Late Monday evening, several stories on the NPR website were defaced with headlines and text that said 'Syrian Electronic Army Was Here.' Some of these stories were distributed to and appeared on NPR Member Station websites. We have made the necessary corrections to those stories on NPR.org and are continuing to work with our Member Stations. Similar statements were posted on several NPR Twitter accounts. Those Twitter accounts have been addressed. We are closely monitoring the situation."

The Syrian Electronic Army's Twitter account posted an image of what appeared to be an internal NPR email about the hack, seemingly indicating that the hackers have accessed the email account of an NPR employee.

Internal email, posted by Syrian Electronic Army

If the Syrian Electronic Army had hijacked the account of an NPR staff member, that might explain how they managed to change news stories and hijack the organisation's Twitter accounts.

No doubt NPR is investigating that possibility right now, and will be exploring what extra security they can put in place to protect their email accounts and publishing system.

Of course, it's not the first time that the Syrian Electronic Army has made headlines in the computer security world.

WeatherLast month, for instance, the group - which is said to support Syrian President Bashar Assad's regime - hacked into the official BBC Weather Twitter account, and posted a series of bizarre messages.

Other organisations who are worried about their own accounts being hacked might want to consider more secure password policies and the possibility of turning on two factor authentication.

Here are two great podcasts where you can learn more:

Unfortunately there's no two factor authentication for Twitter accounts - yet.

Furthermore, it wouldn't be at all surprising if we see more attacks by the Syrian Electronic Army against organisations who have upset them. So, take the right steps now to reduce the chances of your firm being the next one to come under fire.

, ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.