Just like it’s done time and time before, the Syrian Electronic Army (SEA) broke into yet another media outlet late last week, hacking a handful of social media accounts belonging to CNN, including seven Twitter accounts and two Facebook accounts.
CNN admitted the accounts were compromised in a post Friday morning but insisted that the SEA, a group of pro-Syrian regime hackers, only had access for “minutes” and that the accounts were quickly secured.
Microsoft made a similar admission Friday, acknowledging that some of its employees’ social media and email accounts had recently been hit by phishers.
Twitter accounts for CNN’s Security Clearance blog, along with blogs for Political Ticket, The Lead, Security Clearance, The Situation Room and Crossfire were hacked while the Facebook pages for CNN and Security Clearance were also compromised in the attack.
A report by CNN on Monday that purported industrial scale “systematic torture and killing” by Syrian President Bashar al-Assad’s regime drew the ire of the SEA. Officials from Syria’s Justice Ministry shot down the report Wednesday, deeming the attached photos “fake,” leading CNN to print a correction but that didn’t stop the group from carrying out the hack Thursday.
The group called out the news agency following the attack on its official Twitter account, writing that it would “not stop to pursue these liars and will expose them and their methods for the world to see.”
“Tonight, the #SEA decided to retaliate against #CNN’s viciously lying reporting aimed at prolonging the suffering in #Syria,” another tweet said.
Elsewhere on Friday a blog post by Adrienne Hall, the General Manager for Microsoft’s Trustworthy Computing Group admitted that a “select number” of the Microsoft employees had fallen victim to phishing attacks that granted hackers access to social media and email accounts.
The company claimed “documents associated with law enforcement inquiries” – information that it sounds like would be included in one of Microsoft’s semi-annual transparency reports – were at the center of the hack. Hall’s post didn’t elaborate on the attacks, declining to specify both the type of phishing attacks and the ‘validity’ of the stolen emails or documents.
Microsoft’s statement may come off as vague but the admission comes just a few weeks after the SEA hijacked of a handful of social media entities belonging to the company to spread its anti-surveillance agenda, suggesting the two incidents may be related.
Hall claims that Microsoft’s investigation is still continuing but if customer information involving those reports winds up being compromised, the company “will take appropriate action.”
The SEA took over Skype’s Twitter account on New Year’s Day to voice its displeasure over parent company Microsoft and its alleged involvement in NSA’s surveillance activities. The group also took aim at the Twitter and Instagram accounts of Microsoft’s Xbox support, @XBoxSupport, and its official news blog, @MSFTNews, just a week later to spread more or less the same remarks.
The SEA of course has been behind a rash of Twitter takedowns, DDoS attacks and internet vigilantism over the past several years. The group has executed well-publicized attacks on the New York Times, the Washington Post and Harvard University, just to name a few targets.