Syrian Electronic Army attack causes pop-up turmoil across news sites

Pop-up chaos was unleashed across the web via various major news sites this afternoon, with the infamous Syrian Electronic Army pulling off one of its biggest attacks yet (certainly given the number of high-profile sites that were simultaneously affected).

Those websites included The Telegraph, Evening Standard, Independent, Time Out, PC World, Forbes, and CNBC among others, and the reason the incident was so widespread is because the hackers hit the Gigya customer identity management platform used by all of these sites.

The Register reports that visitors to the news sites in question received a pop-up message which stated that “You’ve been hacked by the Syrian Electronic Army (SEA)”, which must have caused a number of hearts to shoot up into mouths across the web surfing world.

Of course, the user’s computer or indeed the news sites hadn’t been hacked at all, rather the Gigya platform was the point of compromise.

Gigya explained that earlier today at 06:45 EST (just before midday our time), it noticed “sporadic failures with access to our service”. The organisation than found a breach at its domain registrar, with the hackers modifying DNS entries and pointing them away from Gigya’s CDN domain, instead redirecting to their own server, which distributed a “socialize.js” file, namely the pop-up seen by everyone.

Gigya stated: “To be absolutely clear: neither Gigya’s platform itself nor any user, administrator or operational data has been compromised and was never at risk of being compromised. Rather, the attack only served other JavaScript files instead of those served by Gigya.”

The DNS situation was rectified inside of an hour, but people may have still experienced the pop-up for some time after that, as Gigya explained that the fix would take some time to filter through fully. It should certainly be all cleared up by now, though.

Image Credit: The Register