Syrian Electronic Army Takes Another Poke at Microsoft
The SEA's pummeling of Microsoft may mean the group is identifying it as a soft target, which could set it up for a more serious cyberattack in the future. The core problem seems to be the difficulty in recognizing and thwarting phishing attempts, which can be quite sophisticated. Social engineering tactics are often a hacker's best friend, suggested tech analyst Chris Rodriguez.
Jan 22, 2014 10:11 AM PT
The Syrian Electronic Army, which is notorious for launching cyberattacks against the media, on Monday defaced the Microsoft Office blog site.
It posted a screenshot of its mischief on its Twitter site.
The hack occurred after Microsoft redesigned the blog site following an SEA attack earlier this month.
"A targeted cyberattack temporarily affected the Microsoft Office blog and the account was reset," Dustin Childs, group manager for trustworthy computing, told TechNewsWorld.
No customer information was compromised, and Microsoft "continues to take a number of actions to protect our employees and accounts against this industry-wide issue," Childs said.
That last statement might look as if Microsoft is trying to avoid being seen by hackers as ripe for the plucking -- and for good reason.
The SEA this month also hacked into Microsoft's Twitter account, the official Xbox support Twitter account, and the official Skype blog and Twitter account.
The attacks "can definitely be a signal to other hacker organizations, saying 'Microsoft is a soft target, direct your efforts here,' and that could lead to a particularly pernicious cyberattack," said Chris Rodriguez, network security senior industry analyst at Frost & Sullivan.
How It Went Down
The SEA attacked the Microsoft Twitter sites for Xbox and MSFTNews on Jan. 11, while staffers were changing passwords on @MSFTNews, according to an internal email from Steve Clayton to his colleagues.
Microsoft staff found a Bitly backdoor used by the hackers and was addressing the issue at that time.
The Monday hack indicated that SEA may still have access to Microsoft's sites.
"Changing the CMS will not help you if your employees are hacked and they don't know about that," SEA tweeted.
Monday's hack should come as no surprise. "We didn't finish our attack on @Microsoft yet, stay tuned for more," the hackers tweeted Jan. 15.
Phishers of Men
The SEA phished some Microsoft employees, The Verge reported.
"There will be times when the weakest link in your business is not the hardware and software, it's the people who randomly click on links," remarked Tommy Chin, technical support engineer at Core Security.
"Phishing and other social engineering attacks are proving to be the most effective attack vectors for hackers," Frost's Rodriguez told TechNewsWorld. "People have jobs to do, time constraints and productivity targets, and security processes often hinder these goals. As a result, employees look for ways to simplify these processes, either by using weaker and easier-to-remember passwords or easily guessed security answers."
The SEA's Agenda
The Syrian Electronic Army is believed either to consist of hackers who sympathize with Syrian president Hafez Assad's government or to be a unit of the Syrian army.
It previously has claimed that the portrayal of events in Syria, particularly by Western media, is inaccurate, and it has disputed U.S. assertions that Assad's regime used chemical weapons. It also has warned that the Syrian conflict might spread to other countries.
The SEA has previously taken down the websites of The New York Times, The Associated Press, The Guardian and The Financial Times. It briefly took over Twitter's domain name system servers.
The group announced Jan. 16 that it had hacked 16 Saudi Arabian government websites.
However, on Jan. 15, SEA's website was breached by a Turkish hacker who goes by the handle "TurkGuvenligi."
The two then engaged in a tweetwar.
"The best lesson to learn from [the SEA attacks on Microsoft] is that companies need to invest in implementing rapid detection technologies for those attacks they cannot stop, so at least the damage is minimized and rapid response processes can be run to block an attack as soon as it begins to evolve," Sharon Vardi, chief marketing officer at Securonix, told TechNewsWorld.
Microsoft needs to invest heavily in training employees to understand phishing, Core Security's Chin told TechNewsWorld. "The investment to educate its people should be valuable not only to its business, but could also save its trusted reputation for customers who use Microsoft products."