The Onion tells how Syrian Electronic Army hacked its Twitter

It is not every day that you can say "Pwned by The Onion", but we can say that The Onion got pwned for being very relaxed in its security procedures.

Ars Technica has the story.

On Monday, the "hacktivist" group Syrian Electronic Army briefly took over the Twitter account of the satirical news publication The Onion, posting a series of anti-Israeli "joke" stories and an anti-Obama "meme" image. The Onion returned fire with its own joke story, "Syrian Electronic Army Has A Little Fun Before Inevitable Upcoming Death At Hands of Rebels."

Putting all jokes aside, The Onion's technology team yesterday made a post describing how the SEA had managed to compromise the accounts of a number of employees and take control of the Twitter feed: a series of phishing attacks that took advantage of the organization's use of Google Apps.

Phishing is one of the leading causes of identity theft, and all it takes is a single person clicking on a bad link to have everything stolen from you. As you can imagine, even emails from trusted sources cannot be trusted, since embedded malware can send messages to your entire contact list and even use existing emails as a template.

The lesson here is to learn how to spot the fake and, if all else fails, never, NEVER click on a link in an email, especially when that email is asking you to verify your account information or sending you status updates. Those URLs are easy to swap in the source code, and without peeking at the URL you may never know.

