Reuters's Twitter, WordPress accounts hacked by apparent pro-Syrian government attackers

Attackers posting pro-Syrian government messages took over the website for the Reuters news service on Friday, then struck again on Sunday to take over one of the Reuters Twitter accounts.

During the first attack, the intruder posted fake news stories on the Reuters site, including an alleged interview with a Syrian rebel leader.

On Sunday, attackers next seized control of the @ReutersTech Twitter account, which has about 17,000 followers. has published the 22 posts that the attackers quickly spit out after changing the name of the Twitter feed to @ReutersMe.

The posts included a false statement about an imminent rebel exodus from Aleppo, as well as a bogus item about US President Barack Obama banning further investigation of 9/11.

Attackers posted from a Reuters Twitter account

A sample of the posts:

  • Reality Check: Is Al-Qaeda An Enemy Or Not? FOX news asks, #Americans left wondering: Is #AlQaeda An Enemy Or Not
  • White house spokesperson says financial and technical support given to #AlQaeda operatives in #Syria.
  • Why Is the U.S. Government Funding Islamic Terrorists Who Are Killing Christians?
  • Obama signs executive order banning any further investigation of 9/11.
  • FSA commander Riyad Al Asaad states a tactical withdrawal from Aleppo imminent

Reuters's main Twitter feed, @Reuters, tweeted on Sunday that the @ReutersTech account had been suspended and "is currently under investigation."

@Reuters also tweeted that the fake post about the interview with a rebel leader was posted to a Reuters journalist's blog page:

"A false blog posting, purporting to carry an interview with the head of the Free Syrian Army Riad al-Asaad ... was illegally posted on a Reuters journalist's blog page"

According to news accounts, the fake interview was on a Reuters webpage for about six hours.

The Wall Street Journal subsequently checked with a WordPress developer who said that Reuters had been running on a version with known security issues.

Mark Jaquith, whom the WSJ identified as one of the lead developers of the WordPress core and a member of the WordPress security team, said in an email exchange that Reuters was using version 3.1.1 instead of the current version, 3.4.1.

Jaquith noted that the WordPress platform includes update notifications and a self-updating feature to help customers stay up-to-date with security patches.

If organisations such as Reuters are running on an outdated, insecure version, they've got nobody to blame but themselves.

As Jaquith said:

"If organisations ignore those notifications and stay on an outdated version, then they put themselves at risk of these sorts of breaches."

It's a hard lesson to learn, but if Jaquith was right and Reuters was in fact guilty of running on an outdated version, I'll bet they'll pay a lot more attention to staying on top of updates in the future.

As Sophos's Chester Wisniewski has noted, unpatched WordPress versions are "rife with malware."

Don't wait to be pwned to learn that lesson.

One Response to Reuters's Twitter, WordPress accounts hacked by apparent pro-Syrian government attackers

  1. Mark · 1161 days ago

    Many people subscribe to the "if it ain't broke, don't fix it" philosophy - especially for critical pieces of the infrastructure where a bad patch can do a lot of damage. Sadly it is much easier to simply not do a patch than do all the labor-intensive due diligence of testing, backups and backout procedures.

    Unfortunately it tends to snowball and before long things are hopelessly behind and the labor/time to bring it back up to spec are not usually approved unless something catastrophic occurs. It can be a self-defeating cycle.

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.