(Photo: Brendan Smialowski, AFP/Getty Images)
Byron Acohido and Roger Yu, USA TODAY
SEATTLE (USA TODAY) - Middle Eastern hackers infiltrated a popular Internet news delivery service, giving them possible access to some of the largest U.S. news sites on Thursday.
An online group called The Syrian Electronic Army, representing supporters of Syrian President Bashar al-Assad, hacked the Internet service of Outbrain, a content recommendation company whose software "widget" is embedded in the websites of several major publications.
As a result, the websites operated by three Outbrain clients - The Washington Post, Time and CNN - contained messages that referred to the SEA.
USA TODAY is also an Outbrain client, but its site was not affected.
That development - combined with the hack of the Twitter accounts of several New York Post reporters on Tuesday and the website outage of The New York Times on Wednesday - is being viewed by some security experts as evidence that major U.S. news outlets have now emerged as prime targets for nation-state adversaries of the U.S.
The New York Times attributed its outage to a server problem.
"It's starting to look like there's an organized campaign targeting major U.S. media outlets," says Tom Kellermann, Trend Micro's vice president of cybersecurity. "It's not clear whether their end game is to target reporters' sources or to use the news sites as watering holes (to infect patrons.)"
In a statement, Emilio Garcia-Ruiz, managing editor of The Washington Post, confirmed that "some articles on our website were re-directed to the Syrian Electronic Army's site for a period of about 30 minutes" Thursday morning.
Garcia-Ruiz pointed out a tweet by SEA that claimed it used Outbrain as a vehicle for the attack. "We have taken defensive measures and removed the offending module," Garcia-Ruiz wrote. "At this time, we believe there are no other issues affecting the site."
A few days ago, Post newsroom employees were targets of a phishing attack that was allegedly by the Syrian Electronic Army, Garcia-Ruiz said. "The attack resulted in one staff writer's personal account being used to send out a Syrian Electronic Army message," he said.
CNN also confirmed Thursday that an Outbrain headline widget used by its international website, CNNi.com, ran headlines referring to SEA. The widget was subsequently removed. Its main website, CNN.com, was not affected, the company said.
"The security of a vendor plug-in that appeared on CNNi.com was briefly compromised today. The issue was quickly identified and (the) plug-in disabled," said CNN spokesman Matt Dornic.
Time didn't reply to requests for comment.
Outbrain issued this statement: "We are aware that Outbrain was hacked earlier today. In an effort to protect our publishers and readers, we took down service as soon as it was apparent. The breach now seems to be secured and the hackers blocked out, but we are keeping the service down for a little longer until we can be sure it's safe to turn it back on securely. We are working hard to prevent future attacks of this nature."
Gunter Ollmann, chief technology officer at computer security firm IOActive, observes that as websites continue to embed content streams from third parties and other affiliates, "this type of hack can taint many of the more secure and popular sites on the Internet."
Starting last fall, U.S. financial institutions have been hit by three waves of massive denial-of-services attacks, shutting down their consumer websites for extended periods, despite heavy investments in security technology. An Islamic group claimed responsibility. Experts say that those outages may have helped cover large-scale hijacking of funds from online accounts.
"Now we're seeing our geopolitical adversaries moving on to wage a campaign against major U.S. media outlets," says Kellermann. "The U.S. military cannot protect private corporations from these types of attacks. So targeting media is a cultural vulnerability being exploited by the enemies of the U.S. The irony is that we believe in freedom of speech. Our enemies are showing they can control that."