The Syrian Electronic Army appears to have hacked into accounts belonging to the NPR media network, and defaced news stories overnight.
A Google search for the phrase “Syrian Electronic Army Was Here” reveals some evidence of webpages that were hit in the attack.
The good news is that NPR appears to have cleaned-up the affected webpages, some of which were carrying news of the explosions at the Boston Marathon.
The motive for the hack is unclear, although it’s likely that the hackers have not been impressed with NPR’s coverage of the situation in Syria. But the Syrian Electronic Army appears to have no desire to explain what made them hack the site.
To their credit, NPR has published an article describing the hack, and issued the following statement:
"Late Monday evening, several stories on the NPR website were defaced with headlines and text that said 'Syrian Electronic Army Was Here.' Some of these stories were distributed to and appeared on NPR Member Station websites. We have made the necessary corrections to those stories on NPR.org and are continuing to work with our Member Stations. Similar statements were posted on several NPR Twitter accounts. Those Twitter accounts have been addressed. We are closely monitoring the situation."
The Syrian Electronic Army’s Twitter account posted an image of what appeared to be an internal NPR email about the hack, seemingly indicating that the hackers have accessed the email account of an NPR employee.
If the Syrian Electronic Army had hijacked the account of an NPR staff member, that might explain how they managed to change news stories and hijack the organisation’s Twitter accounts.
No doubt NPR is investigating that possibility right now, and will be exploring what extra security they can put in place to protect their email accounts and publishing system.
Of course, it’s not the first time that the Syrian Electronic Army has made headlines in the computer security world.
Last month, for instance, the group – which is said to support Syrian President Bashar Assad’s regime – hacked into the official BBC Weather Twitter account, and posted a series of bizarre messages.
Other organisations who are worried about their own accounts being hacked might want to consider more secure password policies and the possibility of turning on two factor authentication.
Here are two great podcasts where you can learn more:
Unfortunately there’s no two factor authentication for Twitter accounts – yet.
Furthermore, it wouldn’t be at all surprising if we see more attacks by the Syrian Electronic Army against organisations who have upset them. So, take the right steps now to reduce the chances of your firm being the next one to come under fire.Follow @gcluley