A social media profile used by the cable news channel CNN was briefly compromised Thursday afternoon in a cyber attack thought to have been perpetrated by a pro-Syria group.
Anti-U.S. messages began appear on the Twitter account @CNN shortly before 6 p.m. ET. The messages bore the hallmarks of the Syrian Electronic Army (SEA), a group that has claimed responsibility for cyber attacks against western news organizations in the past.
“Stop lying,” one tweet published on @CNN read. “All your reports are fake!”
Another series of tweets accused U.S. President Barack Obama (identified as “Obama bin Laden,” a portmanteau of the names Barack Obama and Osama bin Laden) of being the “lord of terror” who defamed Syria by allegedly asserting that the country was controlled by the terror organization al-Qaeda. A follow-up tweet accused the CIA of funding al-Qaeda.
CNN was quick to scrub the tweets from their account. Their public relations department later posted a message confirming the attack.
“We have secured those (compromised) accounts and are working to remedy the issue,” CNN said.
SEA hacker “Th3Pr0” sent several screen captures of the CNN hack to The Desk Thursday evening. The images show hackers briefly had access to a compromised Hootsuite account used to publish news on CNN’s various social profiles, as well as a WordPress account used to post entries on several CNN blogs.
For nearly two years, the group has claimed responsibility for cyber attacks against other western news organizations, including Agence-France Presse, Thomson Reuters, The Guardian and Deutsche Welle.
In nearly every case, hackers with the SEA utilize phishing campaigns to take over email accounts associated with newsroom employees. Compromised email accounts are then used to send messages to other newsroom employees, often containing an editorial request and a link to what appears to be the login site for the company’s webmail service.
The process is repeated until SEA hackers hit upon an email account associated with a social media profile used by the company. After obtaining credentials to the profile, SEA hackers then post a variety of anti-US messages on the accounts.
This method was used when the group compromised two social media accounts and various blogs run by Thomson Reuters in 2012; the SEA took credit for the compromise in an interview last May (note: the author of this piece worked for Thomson Reuters when the attack occurred and was part of a team established to identify the cause of the compromise and the prevention of future attacks).
Another attack in April 2013 briefly caused the Dow Jones index to lose over 100 points after an errant tweet from a compromised Associated Press Twitter account claimed President Obama had been injured in an explosion at the White House. The index recovered after it became apparent the tweet was a hoax.
In recent weeks, the SEA took a break from hacking news organizations, focusing their attention on Seattle-based Microsoft corporation. In messages posted on various compromised Twitter profiles and blogs, the group accused Microsoft of “spying” on its customers.
Last week, Microsoft admitted some employee email accounts had been compromised. The company said user data of its customers did not appear to be affected.