Syrian Electronic Army Attacks Forbes Website, Steals User Info

[Turk]

By Arik Hesseldahl February 14, 2014, 2:46 PM PST
The Syrian Electronic Army has broken into the website of business magazine Forbes and claims to have made off with a million user account names and passwords, according statements and screen shots posted on the group’s Twitter feed.

The group, which claims to to support the regime of Syrian President Bashar al-Assad, said on Twitter that it had downloaded a database containing the user names and passwords of more than a million Forbes.com users. It initially offered to sell the database, but now says it will publish it on the Web.

The Forbes attack is the latest in a series of attacks by the SEA on the websites and Twitter accounts of Western media organizations that has included the BBC, CBS, The Financial Times, The New York Times and even The Onion. It typically breaks into these accounts and spreads pro-Assad propaganda messages and information that casts opposition groups in a negative light.

Forbes acknowledged the attack through a spokeswoman but gave few details beyond saying that its publishing platform was where the attack took place.

“Forbes.com’s publishing platform was compromised. We’ve been making adjustments to the site to protect online privacy and the editorial integrity of our content. We are looking into and monitoring the situation closely. We’re taking this matter very seriously,” the Forbes spokeswoman said in an emailed statement.

Forbes has not yet confirmed the theft of user account information and the company did not immediately return calls seeking more details on the extent of the breach. A sign-in screen for user accounts was not working as of 5:30 PM New York time.

A person familiar with the situation, but who asked not to be named, confirmed to Re/code that sign-ins for external users of Forbes’ WordPress blogging system has been disabled for all outside contributors for now. The site accepts contributed articles from numerous outside contributors in addition to stories written by staff writers.

What’s different about this attack is that the SEA, based on what it shows in its screen shots, appears to have tried to edit stories on the Forbes.com Web site. It claimed that two Twitter accounts were also breached: @ForbesTech, and that of the magazine’s social media editor Alex Knapp, though there’s no Tweets in the relevant streams indicating that.

It also said that it can “thank Alex Knapp” for the attack but didn’t elaborate.

As you can see from the image shown on Twitter below, the group appears to have obtained administrative access to the Forbes.com WordPress account. It also produced a one-line story under the byline of Forbes editor Tom Post that reads “Hacked by the Syrian Electronic Army.” The URL where that appeared is now showing a 404, but it’s still findable via Google’s cache. I took a screen grab, which you can also see below.

It’s been a busy February for the Syrian Electronic Army. Last week it tried but failed in its attempt to hijack Facebook’s domain name and redirect its traffic to another site. In the end it proved it could edit information about the Facebook domain in the database of registrar MarkMonitor, but not much else.

The breach comes at a delicate moment for Forbes. The company is in the late stages of a sale process. Earlier this week Bloomberg News reported that parent company Forbes LLC was expecting final buyout offers from two Asian media companies, China-based Fosun International, Ltd. and Singapore’s Spice Global Investments. German publisher Axel Springer was also said to be in the mix. It’s said to be seeking about $400 million.

Full disclosure: I worked for Forbes as a senior editor and columnist on the website from 2000-2005.
http://recode.net/2014/02/14/syrian-electronic-army-attacks-forbes-web-site-steals-user-info