How the Syrian Electronic Army Hacked The Onion 91
Nerval's Lobster writes "For comedy publication The Onion, a recent cyber-attack by the Syrian Electronic Army was no laughing matter. The SEA managed to compromise The Onion's Twitter account, plastering it with insults aimed at the United Nations, Israel, and Syrian rebels. 'UN retracts report of Syrian chemical weapon use: "Lab tests confirm it is Jihadi body odor,"' read a typical (and perhaps one of the more printable) ones. When the Tweets appeared, some Onion Twitter-followers questioned whether the newspaper was playing some sort of elaborate meta-joke, perhaps riffing on a recent series of high-profile cyber attacks. But the SEA was serious, and so was The Onion about flushing the attackers from its systems. In a new posting on theonion.github.io, the publication's IT crew details exactly what happened. On May 3, attackers from the SEA fired off phishing emails to Onion employees, at least one of whom clicked on a malicious link. From there, the attackers compromised a handful of systems. 'In total, the attacker compromised at least 5 accounts,' the account concluded. 'The attacker logged in to compromised accounts from 46.17.103.125 which is also where the SEA hosts a website.' But following the crisis, The Onion couldn't resist swiping at its attackers. 'Syrian Electronic Army Has a Little Fun Before Inevitable Upcoming Deaths at Hands of Rebels,' read the headline for a May 6 article that described a fictional massacre of the SEA in gruesome detail."
They had more important business to attend to (Score:4, Funny)
They released a UI enhancement Javascript library. [github.io]
I read the Onion, I thought it was a joke (Score:2)
Re: (Score:1, Flamebait)
No, they really didn't think it through. Like all script kiddies, they do it because getting metasploit and/or hanging around irc channels for weeks means you eventually use someone elses work to temporarily control a twitter account, take shit there and make yourself look like something of a tool, and then lose control of the account. I guess some people are born to die virgins.
Re: (Score:3, Funny)
Boy the Onion writers are just phoning it in now.
Re: (Score:1)
Put your money where your mouth is? I don't think you understand what is being said here. As far as what someone is doing about it? Maybe showing a little respect for all life instead of just American life? That's my guess.
twisted "humor"(?) (Score:2, Interesting)
Actually, the Onion's "joke" article on the rebels massacring the SEA sounded a little disturbingly vindictive and twisted. Who knows if some real life fanatics won't take inspiration from that "joke"(?) article to make it happen in real life. How would the Onion look then?
Re:twisted "humor"(?) (Score:5, Funny)
How would the Onion look then?
Prescient?
Re: (Score:2)
Re: (Score:2)
honestly I dont see a problem if someone did take the joke and go after the rebels
Um, it would be the rebels executing the government supporters, in fact.
The hacking was done by pro-government Syrians.
I hope I'm not the only person who finds the idea of a "joke" about people being horribly murdered by rebels who we in the West are supporting somewhat disturbing.
Re: (Score:2)
That's in contrast to the normal day-to-day inflammatory crap they post in an attempt to be funny. - so I can see how you could get confused...
(wow... i would not have guessed when I woke up this morning that I'd be posting on slashdot in support of the staff of The Onion... what a weird day)
Re: (Score:2)
I dunno, it seems like they have good reasons [wikipedia.org] to be pissed off.
Re: (Score:2)
Re: (Score:2)
Your previous post not only took sides, but also said that "they should be stopped". And now you're backpedaling and saying "we" shouldn't get involved. Are you perhaps an (underperforming) member of Syrian Electronic Army?
Re: (Score:2)
frankly as an american, im sick of america playing world police, let them do what they do, if they kill each other, so be it, this goes for any country. Sounds heartless but plain and simple we cant afford it
Re: (Score:3)
How would the Onion look then?
Smugly pleased.
Re:I read the Onion, I thought it was a joke (Score:5, Insightful)
Why would they target the Onion!? Do they not 'get it'?
Chances are, no, they seriously don't get it.
Think about it: In that area of the world, news is generally controlled by official government channels. I'm talking supposedly-legitimate sources which unironically use definitive, unambiguous phrases like "The Truth Of $NATION", "$NATION's One Voice", or The Onion's own "$NATION's Finest News Source" as their taglines. Then, add in the fact that a lot of what The Onion and other humor sources (i.e. The Daily Show) do are largely unheard of in these nations; direct mockery of the government is the sort of thing that gets a guy and his whole family beheaded in public out there. They might plain and simply not be used to that manner of humor.
So, without the benefit of a culture that's accustomed to ironic sarcasm and mocking tones in print, combined with a lack of knowledge of how the US really works, and definitely without understanding the counter-cultural significance of The Onion in the first place, I can imagine them looking at this site which boldly proclaims itself to be "America's Finest News Source", presenting articles in a very dry, almost authoritative tone (to people unfamiliar with the English language or American culture), and seemingly chock full of news, and assuming this is a real thing and that attacking it will help get their message out to the important, news-reading people of what they consider to be the most powerful nation in the world.
Re:I read the Onion, I thought it was a joke (Score:5, Insightful)
This is wildly incorrect. You could tell form their posts that the Syrians knew exactly what the Onion was and were actually writing Onion-style headlines to promote their point of view. "UN admonishes Syria for getting in way of Jewish missles," that sort of thing.
Re:I read the Onion, I thought it was a joke (Score:4, Insightful)
Middle-East != North Korea
You and your family would not get beheaded in public under Assad for talking against the regime. It is quite ironic that Assad was actually quite a progressive leader compared to the US allies in the region (USA's Best Friends Forever Saudi Royal Family and Mubarak). While my whole heart goes to anyone seeking true democracy, a lot of the reason why Syria is in such a mess is because Assad is an Iranian ally supporting Hezbollah, and Israel and the West want that support for Hezbollah and Iran to go.
Of course now Assad has crossed the line and there is only one way this will stop, he must go one way or the other. Only thing US and Israel didn't seem to calculate at first is that what's going to come after him is much, much less friendly. They're just starting to realize that now. As one commentator put it, "The Muslim Brotherhood leadership is waiting in hotels in Turkey, ready to take the reins once Assad is gone". Once again, we've played a role in overthrowing a secular regime and replacing it with an Islamist one. We're getting good at this.
However you are right that many middle-easterners "don't get" western humor. Some see things like that and believe it is serious. Also, while here in the west you can openly joke about religion and God (even Christianity), they would not think those kind of things are funny. As usual, we say we're right and they're wrong. Truth is it's just a cultural difference and cultures are bound to clash in an open world with an open internet. It's not just between Westerners and Middle-Easterners though. I'm sure Chinese people look at American shows and think "WTF is honey boo boo? Jersey shore? USA dogs!"
Re: (Score:1)
Re: (Score:3)
Why would they target the Onion!? Do they not 'get it'?
The tyrant fears the laugh more than the assassin's bullet. -- Robert Heinlein
Re: (Score:1)
> The tyrant fears the laugh more than the assassin's bullet. -- Robert Heinlein
The probably fear the rebels more:
http://www.theonion.com/articles/syrian-electronic-army-has-a-little-fun-before-ine,32324/ [theonion.com]
Re: (Score:2)
Related Article (Score:3)
Re:Related Article (Score:5, Funny)
In related Onion news: We Were Going To Take Over The ‘Onion’ Website, But It’s A Real Mess With All Those Ads [theonion.com]
I'm not sure what the SEA really expected to accomplish here.
The funny part is that if the Onion had just remained silent on this subject people would still be wondering whether they had actually been hacked or whether this is simply gigantic practical joke.
Re: (Score:3)
The funny part is that if the Onion had just remained silent on this subject people would still be wondering whether they had actually been hacked or whether this is simply gigantic practical joke.
Are you really sure it isn't?
Re: (Score:2)
Re:Related Article (Score:5, Funny)
My favorite response was Onion Twitter Password Changed To OnionMan77 [theonion.com] ('That Ought To Do It,' Company Sources Confirm). Your link wasn't bad either, though. I love The Onion.
The trouble with using Google accounts (Score:2)
This is where Google's single-signon approach backfires. The attack obtained login credentials for employee email accounts. Those credentials allowed them to do much more than access personal email - they could access other Google-hosted assets.
Re:The trouble with using Google accounts (Score:4, Informative)
most two-factor authentication schemes i've seen so far require users to have either a physical dongle that provides keycodes, a mobile phone capable of receiving SMS messages, or a smartphone app.
most users i've seen can't be bothered to take this "inconvenient" step to secure their accounts. i hope Google makes the two-factor login a requirement soon, but they're going to get some pretty tough pushback from the lazy.
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Re: (Score:3)
Personally I just dont' want google to have my mobile phone number. They know too much already.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Personally I just dont' want google to have my mobile phone number. They know too much already.
Use the authenticator app, then, if you have a smartphone.
Re: (Score:2)
Use the authenticator app, then, if you have a smartphone.
My friend, you have located that which rubs. I don't want to use my smartphone because something might happen to my smartphone, which oh yeah, is also my cellphone.
Until I can get a keyfob token for backup, I'm simply not going to switch on two-factor authentication. I hack my phone and even if you don't sometimes they fail. (Hey, let's be realistic, some of these alternate roms just asplode. The one I am using is based on the same version that came with my phone and there are still sometimes issues.)
Re: (Score:2)
It's not like that's the only way that you can do 2 factor auth...
http://www.google.com/landing/2step/features.html [google.com]
Re: (Score:2)
...a mobile phone capable of receiving SMS messages...
I have yet to see an implementation of 2-factor authentication that uses this method; only poorly written articles by journalists who have misunderstood what they've read, and repetition of said articles by misinformed slashdot commenters.
Can you provide evidence of one that does?
Re: (Score:1)
Really? Google [google.com], my bank, and PayPal [paypal.com] all send me an SMS code to verify me (i.e. I log in with username/password, it either immediately texts me a code or has a button for texting me a code, then I receive an SMS with the code to type in to complete the authentication process). My bank and PayPal do it on every login. Google does it the first time I use a device (used to be every 30 days as well, but they seem to have stopped that).
I don't have an Android or iOS phone, but I do have an unlimited texting plan
Re: (Score:1)
I know that Yahoo! uses SMS messages as part of their 2-factor authentication. Whenever I log on to my Yahoo! account from a new device they require me to enter a code, the code can either be sent to an alternate email address or to my phone. This is what you are talking about right?
http://www.zdnet.com/blog/security/yahoo-mail-introduces-two-factor-authentication/9846
Re: (Score:2)
Google offers SMS messaging as one of the methods for second-factor auth.
"you'll be asked for a code that will be sent to you via text, voice call, or our mobile app." (http://support.google.com/accounts/bin/answer.py?hl=en&answer=180744)
There are actually a couple of other options as well, including a code via e-mail and a hardcopy list of pre-assigned one-time-use code, though they're mostly intended for recovery, in case you lose access to your phone. And you can also provide a backup phone numbe
Re: (Score:2)
I wonder why you used the double quotes there. Are you suggesting it is not inconvenient?
Assume it's a dongle. Go check your mail at work, on the road, while in a completely different country - whoops, left the dongle in the car, at home, in the other set of pants.
Note that the above is even just the dongle - who uses just a dongle? You'll also need a password for the dongle, lest the attacker actually has you
Re: (Score:2)
Print it out and put it in your wallet? No, no.. bad idea.
No, that's a good idea, and exactly what you should do. Yes, it means that an attacker who manages to get your password and your wallet can get into your account, but that's still far more secure than a password alone. If your alternative is not using a second factor because you're afraid you won't have it when you need it, you're far better off using two factor and keeping the list of backup code list in your wallet.
What we are seeing here (Score:1, Flamebait)
is that citizens of a once legitimate regime in Syria, fighting to get their story heard by the people of the world.
Ever wonder why the US and EU call the "Syrian" rebels "rebels", but the Mali rebels as "terrorists"? Why do we support the revolution of a sovereign country? Perhaps the revolution ISN'T for the good of the Syrian people, but good for the US, EU, and Israel?
Re: (Score:1)
Re: (Score:2, Informative)
And the USA the legitimate oppressor of the world.
Re: (Score:3)
As opposed to al-Nusra rebels? You know, the guys who are blowing up car bombs in Damascus, killing primarily civilians? The ones whose officer corps consists largely of al-Qaeda appointees?
Re: (Score:2)
There's been a few good articles on the topic including one just last week by the BBC, but Syria really is a cluster fuck.
The West (the US, Britain, France etc.) want to arm the Free Syrian Army because they believe part the reason al-Nusra has become so strong is that fighters joined it because it was the most succesful. Some elements of Western thinking believe that by arming, training and improving the FSA those fighters that are not inherently supportive of the Jihadis goals but joined them because ther
Peace has come to Zimbawe (Score:5, Interesting)
Perhaps the revolution ISN'T for the good of the Syrian people, but good for the US, EU, and Israel?
There's no reason it can't be both, there's also no reason to mod your factual observations as "flamebait". We are going to have to wait a decade or more to find out if the "Arab spring" changed anything for the better, I clearly recall people (as opposed to governments) in the west celebrating because Mugabe had come to power in Zimbabwe (Rhodesia), Stevie Wonder went so far as to sing about it. Their moral reasoning was sound at that time in history, but with 20/20 hindsight Stevie's claim that "Peace has come to Zimbawe" sounds foolish.
The political cynic in me thinks that western governments see two enemies fighting each other on their own territory. they are in no hurry to pull them apart.
Re: (Score:1)
...they are in no hurry to pull them apart.
Not as long as they can make a sale.
Re: (Score:2)
More spearphishing?! (Score:1)
Re: (Score:1)
Your link is broken, I wanted to see what Stacy was sending.
military/industrial complex electronic army (Score:2)
Assad's regime is supported by oil money from BP(English Crown) and Royal Dutch Shell ('royal' is in the name) going back to the 1600s when the Aristocracy was not hiding behind legal companies.
The oil comes from Iran and Syria and gets loaded onto boats in a port on the Mediterranean in Syria then sails to points west including your gas tank.
Re:military/industrial complex electronic army (Score:4, Informative)
1600s? BP and Royal Dutch Shell supporting a regime which didn't exist even before THEY existed?
Now THAT'S planning for the future!
Do tell how the Assad family is descended from the Ottoman Empire.
This will be interesting.
"This will be interesting." (Score:2)
fine, here:
"Assad's regime is part of a centuries-old supply chain supported by oil money from BP(English Crown) and Royal Dutch Shell ('royal' is in the name) going back to the 1600s when the Aristocracy was not hiding behind legal companies.
For another instructive look at how this works, examine the life of Reza Shah [wikipedia.org]. He did function as leader, but what concerns us is his status as **stooge for the oil interests**. His ideology is secondary...it's about what he will do with the oil.
Suckers, The Next War (Score:1)
..will be against Syria/Iran. Now wait for the jews to inflame you for it. All their "comedians" and "concerned NGOs" will work hard towards the goal of eliminating even token opposition to the jewish Apartheid state.
SEA (Score:1)
HAWKS!
I misread that completely (Score:1)
how the syrian electronic army hacked Tor.
And the comments and summary made no sense what so ever.
I guess Tor is a kind of onion as well.
How the Syrian Electronic Army hacked Windows .. (Score:2)
What OS did this nameless malware run on?
Re: (Score:2)
"On May 3, attackers from the SEA fired off phishing emails to Onion employees, at least one of whom clicked on a malicious link"
What OS did this nameless malware run on?
Malware? What decade are you from?
Send an email with a link to tw1tter.com, they enter their password, you capture it. Job done. All that's needed is a browser.