Twitter hack unveiled: The Onion discloses phishing emails involved
The Syrian Electronic Army (SEA) has compromised The Onion's Twitter account in a phishing attack that exploited human trust rather than a direct technical vulnerability.
According to reports, the attack began with emails containing a malicious link, sent to journalists and The Onion's staff members. These emails appeared to come from strange, outside addresses.
At least one Onion employee fell for the initial phishing attack, clicking on the malicious link and inadvertently revealing their login credentials. The attacker then sent a duplicate email with the malicious link, successfully harvesting three more account log-ins from two additional staff members who were tricked into entering their details after receiving the link from a trusted email address.
One of these harvested accounts was then used to take over The Onion's Twitter account, with the SEA posting several tweets before The Onion's tech team regained control of the account.
The attack was reportedly in response to a parody story by The Onion about Syrian President Bashar Al-Assad. The SEA has previously targeted other media outlets, including The Guardian, the BBC, and the Associated Press.
Last month, the SEA successfully compromised the Associated Press's Twitter account and posted a bogus Tweet about explosions in the White House, triggering a "flash crash" on the US stock market.
In response to the attack, The Onion's tech team has advised other organizations to be vigilant against phishing attacks by emphasizing the importance of employee training, multi-factor authentication, up-to-date security protocols, and secure password management practices.
The team published emails that were sent in the run-up to the attack on their blog, urging other organizations to implement user education, use a separate email system for Twitter log-ins, use an intermediary app for posting to Twitter, and have a way to communicate with employees outside the official email system.
The link in the phishing emails appeared to direct to a page on the Washington Post but actually prompted users to enter their Google Apps login details.
The SEA has claimed responsibility for the attack, marking another instance of the group's cyber warfare tactics against media outlets.
- The Syrian Electronic Army's (SEA) attack on The Onion's Twitter account, which was initiated through a phishing campaign, underscores the importance of organizations implementing security measures like employee training, multi-factor authentication, and secure password management.
- The SEA's compromise of the Associated Press and Onion Twitter accounts, both resulting from phishing attacks, serves as a reminder of the increased prevalence of cybercrime incidents and emphasizes the need for heightened cybersecurity measures to protect media outlets.