- Stephen Miller’s fake hair is almost as bad as his policies Sunday 8:00 PM
- California no longer plans to tax your text messages Sunday 6:45 PM
- Insurance company to ‘reevaluate’ relationship with Tucker Carlson after racist comment Sunday 3:59 PM
- Netflix’s instant rewind button is not popular with users Sunday 2:20 PM
- Offset interrupted Cardi B’s set at Rolling Loud Festival, and fans are pissed Sunday 1:18 PM
- ‘Ms. Marvel’ gets a new, award-winning writer in Saladin Ahmed Sunday 11:32 AM
- ‘SNL’ gives us the daddy pageant we’ve been dying for Sunday 10:28 AM
- How pranksters fooled the internet in 2018 Sunday 8:00 AM
- 2018 belonged to trans people Sunday 6:30 AM
- How to watch local channels on Roku Sunday 6:30 AM
- How to watch Levante vs. Barcelona online for free Sunday 6:19 AM
- How to watch Liverpool vs. Manchester United online for free Sunday 6:00 AM
- The best couch co-op video games for couples Sunday 6:00 AM
- Pete Davidson is OK and at work following alarming Instagram post Saturday 7:26 PM
- Wisconsin Governor Scott Walker doesn’t know how to use a Venn diagram Saturday 5:38 PM
Syrian Electronic Army wuz here
Last night, the SEA gained access to our content management system and a couple of email addresses, after posing as one of our contributors.
The Daily Dot strives to be considered in the same breath as NPR, the Guardian, and the Associated Press. Getting hacked by the Syrian Electronic Army was not exactly what we had in mind.
Last night, the SEA gained access to our content management system and a couple of email addresses, after posing as one of our contributors. The group deleted an article it had taken issue with (it’s since been restored) and left its mark on a scheduled story that had not yet been published. The changes were quickly reverted, and all accounts were reset.
The SEA took offense to the portrayal of Syrian President Bashar al-Assad in a report on the group’s hacking of Tango.me, a messaging app with over 120 million users globally. The original illustration portrayed al-Assad in the mold of Adolf Hitler.
— SyrianElectronicArmy (@Official_SEA12) July 22, 2013
Upon review, the editorial staff concluded that it was a little much and updated the story with a new image, a caricature of al-Assad by Flickr cartoonist DonkeyHotey. Regardless, SEA started sending phishing emails at 1pm ET, posing as various members of the Daily Dot.
We should have known better than to fall for the group’s sleight-of-email tricks. The Daily Dot has extensively covered the SEA’s portfolio of attacks on news organizations, most notably NPR, the Guardian, and the AP—a hack that many agree caused a dip in the stock market. The SEA almost invariably strikes after seeing something that depicts al-Assad in a negative light.
“We are just Syrian youths who want to defend their country against the media campaign that is full of lies and fabricated news reports,” a representative told us in May.
As we learned from the Onion’s own admission, the SEA operates on a “weakest link” mentality. First, they start sending emails to members of a company, encouraging them to click a link. Those emails are often manipulated to appear as though they are coming from a colleague.
In this case, it looked like this:
But the link in that story actually redirects to a site that appears to be Google asking the user to verify his or her username and password. All it takes is a single person who has access to the content management system, and the SEA is in.
Earlier Monday, we sent out a company-wide email asking our contributors and staff members to be particularly careful about clicking on links. Clearly, some people missed the memo.
Worse, we tempted fate. The SEA found this one-liner tossed out by our editor-in-chief in regards to dealing with future threats from outside entities.
There are many basic lessons to be learned here. For starters, it’s critical to limit access to—or access within—any content management system to those who require it and understand the inherent risk that comes with it. The same goes for access to social media accounts. And users have to remain vigilant when using their email. It’s really that simple.
After all, the threat of another attack is always looming.
— SyrianElectronicArmy (@Official_SEA12) July 23, 2013
Illustration by Fernando Alfonso III