On the night before Christmas, the FBI was sending out warning notices that the Syrian Electronic Army (SEA) was phishing for usernames and passwords, according to a New York Times report that was quickly denied on Twitter by the pro-Assad hacktivists.
“Contrary to reports, we have already hacked the NY Times and there's little point revisiting them,” according to an SEA tweet posted less than 12 hours after the initial New York Times story ran. “These are false accusations by the FBI.”
Approximately half a day earlier, the New York Times reported that media folks, including some at its own publication, had received emails containing a link that claimed to be for a CNN story about Syria, but actually redirected users to a fake Google log-in page that asked for credentials. In some cases, the emails appeared to come from colleagues, the article indicated.
The SEA has become well-known for compromising credentials – particularly for U.S. media groups – through phishing emails, so much that the hacktivist group was vaulted onto the FBI's most wanted list in September.
The New York Times, as well as domains belonging to Huffington Post U.K. and Twitter, was previously compromised at the end of August in a domain name system (DNS) hack against Australian registrar Melbourne IT. The SEA took credit for the attack, which the group was able to carry out because of a phishing email.
Earlier this month the SEA took credit for compromising the Twitter account belonging to Time – and in mid-November, the hacktivist collective took responsibility for accessing the Vice.com website and altering content.