Today’s cyber attack from the Syrian Electronic Army is just the latest in a rash of high-profile attempts by the organization to gain control of and disrupt major media outlets.
Unlike past efforts, today’s hack could have lasting, damaging effects.
According to Daniel Cohen, head of Online Threats Managed Services at RSA, a computer and network security company, the attack could have infected thousands — possibly millions — of users with potentially harmful malware. The hack, which infiltrated Outbrain, a third-party recommendation platform, gave SEA access to partner sites like The Washington Post, Time, and CNN and rerouted them to a SEA homepage. Any users redirected to the SEA homepage could have been potential targets.
“The scale of this attack — the possibilities here — I don’t even want to think about them because they’re so scary,” Cohen says. “They could’ve infected millions of users on these high-trafficked sites like CNN. Some of the visitors were being redirected to the SEA site, and any number of things could have happened. They could’ve been infected with malware; possibly other media outlets and businesses could’ve been infected.”
While Cohen took pains to note that it’s still quite early into the investigation of the hack, he notes that it’s entirely possible even government networks could’ve been compromised. “The next notch up here is the government offices. Employees checking news on CNN getting infected with malware makes it possible they could steal information and data or documents if they knew how. Even with the simplest malware today you can run the camera on a laptop and take pictures without the user knowing. This kind of attack is really an eye-opener,” he says.