Two days after having its accounts compromised, The Onion detailed what went wrong.
While known for sharp and biting satire, The Onion still fell for a simple phishing scam on Monday set by suddenly ubiquitous Syrian Electronic Army (SEA).
The upside: The Onion has described exactly how it happened.
First, the SEA sent a few Onion employees bogus email from a bogus address. Appearing to come from Elizabeth Mpyisi ([email protected]), it emailed Onion employees with an awkward message and a link that seemed to point to a Washington Post article about The Onion:
Dear The Onion Journalists,
Please read the following article for its importance:
Thanks & Regards
But there was no such article at The Washington Post, and that link was actually a dummy. It redirected to a different site the SEA had set up, which asked for users’ login credentials.
And here’s where somebody at The Onion got really careless. The unidentified employee typed in his or her company Google username and password, even though the Associated Press had fallen for the exact same ruse two weeks earlier, which led to an errant tweet that President Obama had been attacked and a brief dip in the Dow Jones Index.
Then, the scheme was on. Now that SEA had an employee’s email, it sent out that exact same message to other Onion employees—this time appearing to come from a coworker. A few more fell for it, and one of those had credentials to The Onion‘s Twitter and Facebook accounts.
The Onion, which didn’t yet have the situation under control, fought back with its main tool, satire, and published a story titled “Syrian Electronic Army Has A Little Fun Before Inevitable Upcoming Deaths At Hands Of Rebels.”
“It’s seems that they lost their minds after the hack,” a member of the SEA told the Daily Dot. The hackers retaliated with lulz, tweeting screengrabs of emails it sent from a compromised account to fellow Onion email addresses, spoofing advice on how to avoid future hacks.
“Limit site traffic to about twenty or thirty visitors per month,” read one. “Call your congressman and have them pressure President Obama to intervene in Syria,” went another.
Eventually, the Onion reset every single employee’s Google password and regained control of their social media arms.
It’s not exactly clear why the SEA chose The Onion as a target, but here’s a guess: The group has loose ties with the Syrian government, which is currently embroiled in a civil war and has been accused of using chemical weapons. And it tends to attack news organizations seen as giving good press to Syrian rebels or bad press to President Bashar al-Assad’s regime. A few days before the hack, The Onion published a story titled “‘Help Has To Be On The Way Now,’ Thinks Syrian Man Currently Being Gassed.”
Illustration by Fernando Alfsonso III