CNN's social media accounts compromised by Syrian Electronic Army

Share this article:

On Thursday, the Syrian Electronic Army (SEA) took claim on Twitter for compromising a variety of social media websites belonging to CNN and using the accounts to post messages blasting the popular news network's reporting.

The impacted accounts include CNN's primary Facebook, the CNN Politics Facebook, and the Twitter pages for CNN and CNN's Security Clearance, as well as blogs for Political Ticker, The Lead, Security Clearance, The Situation Room and Crossfire, according to a Friday CNN report.

The messages were removed within minutes and the accounts have been secured, according to the report, but “Stop lying” and “All your reports are fake!” were two comments the hacktivist group is said to have posted from the primary CNN Twitter account.

From its own twitter account – @Official_SEA16 – the pro-Assad group posted on Thursday, “Tonight, the #SEA decided to retaliate against #CNN's viciously lying reporting aimed at prolonging the suffering in #Syria.”

The SEA began gaining prominence throughout 2013 for using sophisticated phishing schemes to take over social media and other web-based accounts, including those belonging to The New York Times, The Washington Post and Time.

“We know that the SEA's typical modus operandi is to gain access to accounts by conducting email based social engineering that lures the email recipient to a website that effectively recreates the look and feel of a legitimate site asking for the user's login credentials,” Scott Greaux, vice president of PhishMe, wrote in a Thursday email to SCMagazine.com

These types of targeted attacks are particularly difficult to detect because the SEA typically does not use malware, Greaux explained, adding that this kind of social engineering would never succeed if employees were properly trained to spot malicious emails.

“If an email purporting to be from the IT department asks them for login information, they should first ask themselves if the IT department typically solicits that information through an email,” according to Greaux. “Employees should also be trained to examine URLs in an email, and avoid clicking on links that take them to an unknown domain.”

The SEA recently compromised social media accounts belonging to Microsoft and accused the computer corporation of monitoring user accounts – including Hotmail and Outlook – and selling the information to governments.

Share this article:

Sign up to our newsletters

More in News

Pentagon to triple its security workforce by 2016

Pentagon to triple its security workforce by 2016

Defense Secretary Chuck Hagel recently announced the recruitment efforts during a speech in Fort Meade, Md.

Tech manufacturer's online payment system breached

LaCie confirmed an unauthorized party used malware to access its online payment system for almost a year and could have stolen customer information.

The Heartbleed bug works, and could be a scapegoat for older breaches

The Heartbleed bug works, and could be a ...

Researchers proved the Heartbleed bug was real in a challenge issued by CloudFlare to prove private keys can be stolen, right around the time companies are claiming they were breached ...