Skip to main content

Syrian Electronic Army hijacks CNN social media accounts

US broadcaster CNN has fallen victim to an attack by the Syrian Electronic Army (SEA), with several of its social media accounts and blogs compromised.

It is the latest high profile organisation to be targeted by the hacker group and follows similar security breaches to Microsoft's social media accounts earlier this month.

Related: Syrian Electronic Army in new Microsoft hack

One of the posts on CNN's main Twitter account stated: "Syrian Electronic Army was here...Stop lying... All your reports are fake!"

The group which claims loyalty to Syrian president Bashar al-Assad also posted messages referring to US president Barack Obama as "the lord of terror".

It is understood that the SEA was able to gain access to CNN's Hootsuite account, an online tool used to manage social media accounts. Through this it was able to briefly take control of CNN's main Twitter and Facebook accounts, as well as CNN Politics' Facebook account and several blogs.

Experts believe that the method used to compromise such accounts is through relatively unsophisticated phishing scams that target employee's email addresses.

Rick Ferguson, vice president of security research at Trend Micro, previously explained to ITProPortal his understanding of how such attacks from the SEA took place.

"Key individuals in the target enterprise would have received well-crafted and convincing emails, either with a malicious file attached, or containing a credible-looking link," Ferguson said.

"Once compromised through either infection or phishing, then the account usernames and passwords would be available to the attacker, allowing further malicious activity."

Unless a way to protect against such attacks is introduced, it is unlikely to be the last.

"These are high profile organisations, which is why they have been targeted," said Thomas Pederson, CEO at cloud-based security firm OneLogin.

"This is another reminder that organisations should think about their access control and password policies, otherwise there is the potential for attacks to be successful.

"Hacks like this can often be avoided with proper Password Vaulting or cloud-based Identity and Access Management solutions."