- Jameela Jamil dragged for comparing reproductive rights to landlord rights Tuesday 6:54 PM
- Trump campaign posts Thanos meme, totally misses point of ‘Endgame’ Tuesday 5:58 PM
- Petition calls for Apple to make a Baby Yoda emoji Tuesday 5:16 PM
- This BTS-Billie Eilish mashup is the most popular tweet of 2019 Tuesday 4:51 PM
- Michelle Wolf embraces vulgarity in ‘Joke Show’ Tuesday 4:24 PM
- Influencer gets 14 years in prison for trying to steal domain name at gunpoint Tuesday 4:14 PM
- ‘Three Days of Christmas’ is a delightfully dark holiday alternative to Hallmark Tuesday 3:55 PM
- The way Trump Jr. holds his own book inspires mockery Tuesday 3:47 PM
- Woman facing backlash for no longer wearing hijab in end of the decade photo Tuesday 3:16 PM
- Report: Consulting firm lied about decreasing violence at Rikers Island jail Tuesday 2:36 PM
- TikTok users are sharing things they thought were ‘ghetto’ as kids Tuesday 2:31 PM
- Republicans just blocked a net neutrality vote in the Senate Tuesday 2:24 PM
- ‘Fox & Friends’ host stuck using dad’s account after Twitter suspension Tuesday 1:10 PM
- ‘They’ is Merriam-Webster’s word of the year Tuesday 12:56 PM
- Inside Dolby’s big ‘Star Wars’ retrospective exhibition Tuesday 12:48 PM
Syrian Electronic Army wuz here
Last night, the SEA gained access to our content management system and a couple of email addresses, after posing as one of our contributors.
The Daily Dot strives to be considered in the same breath as NPR, the Guardian, and the Associated Press. Getting hacked by the Syrian Electronic Army was not exactly what we had in mind.
Last night, the SEA gained access to our content management system and a couple of email addresses, after posing as one of our contributors. The group deleted an article it had taken issue with (it’s since been restored) and left its mark on a scheduled story that had not yet been published. The changes were quickly reverted, and all accounts were reset.
The SEA took offense to the portrayal of Syrian President Bashar al-Assad in a report on the group’s hacking of Tango.me, a messaging app with over 120 million users globally. The original illustration portrayed al-Assad in the mold of Adolf Hitler.
— SyrianElectronicArmy (@Official_SEA12) July 22, 2013
Upon review, the editorial staff concluded that it was a little much and updated the story with a new image, a caricature of al-Assad by Flickr cartoonist DonkeyHotey. Regardless, SEA started sending phishing emails at 1pm ET, posing as various members of the Daily Dot.
We should have known better than to fall for the group’s sleight-of-email tricks. The Daily Dot has extensively covered the SEA’s portfolio of attacks on news organizations, most notably NPR, the Guardian, and the AP—a hack that many agree caused a dip in the stock market. The SEA almost invariably strikes after seeing something that depicts al-Assad in a negative light.
“We are just Syrian youths who want to defend their country against the media campaign that is full of lies and fabricated news reports,” a representative told us in May.
As we learned from the Onion’s own admission, the SEA operates on a “weakest link” mentality. First, they start sending emails to members of a company, encouraging them to click a link. Those emails are often manipulated to appear as though they are coming from a colleague.
In this case, it looked like this:
But the link in that story actually redirects to a site that appears to be Google asking the user to verify his or her username and password. All it takes is a single person who has access to the content management system, and the SEA is in.
Earlier Monday, we sent out a company-wide email asking our contributors and staff members to be particularly careful about clicking on links. Clearly, some people missed the memo.
Worse, we tempted fate. The SEA found this one-liner tossed out by our editor-in-chief in regards to dealing with future threats from outside entities.
There are many basic lessons to be learned here. For starters, it’s critical to limit access to—or access within—any content management system to those who require it and understand the inherent risk that comes with it. The same goes for access to social media accounts. And users have to remain vigilant when using their email. It’s really that simple.
After all, the threat of another attack is always looming.
— SyrianElectronicArmy (@Official_SEA12) July 23, 2013
Illustration by Fernando Alfonso III