:format(webp)/cdn.vox-cdn.com/uploads/chorus_image/image/63703496/sea_logo.0.1537497932.0.png){kind=logo}
The Syrian Electronic Army has broken into the website of business magazine Forbes and claims to have made off with a million user account names and passwords, according to statements and screenshots posted on the group’s Twitter feed.
The group, which claims to support the regime of Syrian President Bashar al-Assad, initially offered to sell the database, but now says it will publish it on the Web.
We will publish the database as soon as we find a secure host to upload the database on it. #SEA
— SyrianElectronicArmy (@Official_SEA16) February 14, 2014
The Forbes hack is the latest in a series of attacks by the SEA on the websites and Twitter accounts of Western media organizations, including the BBC, CBS, the Financial Times, the New York Times and even the Onion. It typically breaks into these accounts and spreads pro-Assad propaganda messages and information that casts opposition groups in a negative light.
Forbes acknowledged the attack through a spokeswoman but gave few details beyond saying that its publishing platform was where the attack took place.
“Forbes.com’s publishing platform was compromised. We’ve been making adjustments to the site to protect online privacy and the editorial integrity of our content. We are looking into and monitoring the situation closely. We’re taking this matter very seriously,” the Forbes spokeswoman said in an emailed statement.
Forbes has not yet confirmed the theft of user account information and the company did not immediately return calls seeking more details on the extent of the breach. A sign-in screen for user accounts was not working as of late afternoon.
A person familiar with the situation, but who asked not to be named, confirmed to Re/code that sign-ins for Forbes’ WordPress blogging system have been disabled for all outside contributors for now. The site accepts contributed articles from numerous outside writers in addition to stories penned by staff writers.
Another source told Re/code that the attackers altered the text of three stories that had been previously published on the site. Those stories have since been taken down.
What’s different about this attack is that the SEA, based on what it shows in its screenshots, appears to have tried to edit stories on the Forbes.com website. It claimed that two Twitter accounts were also breached: @ForbesTech and that of the magazine’s social media editor, Alex Knapp, though there are no tweets in the relevant streams indicating that.
It also said that it can “thank Alex Knapp” for the attack but didn’t elaborate.
@Forbes can thank @TheAlexKnapp for this hack. #SEA
— SyrianElectronicArmy (@Official_SEA16) February 14, 2014
We wonder why @Forbes admins could not stop us. Perhaps they were watching porn all day? #SEA
— SyrianElectronicArmy (@Official_SEA16) February 14, 2014
As you can see from the image shown on Twitter below, the group appears to have obtained administrative access to the Forbes.com WordPress account. It also produced a one-line story under the byline of Forbes editor Tom Post that reads “Hacked by the Syrian Electronic Army.” The URL where that appeared is now showing a 404, but the post can still be found via Google’s cache. I took a screen grab, which you can also see below.
Forbes isn’t sharing any details as to how the hack was carried out, but standard procedure for the SEA is a multi-layered attack that usually starts with an email containing an attachment that looks routine but has been infected with malware. It may also be an email containing a link to an “important story” that the recipient should read.
At least that’s how it started at the Onion when its site was breached by the SEA last year. The company published a detailed account on how the attack unfolded in order to help other companies learn from the experience and not be victimized themselves.
From there the attacks tend to unfold over a series of days, during which the attackers gain access to more user accounts and gather more useful information about the operations of the site, eventually gaining access to administrator accounts.
It has been a busy February for the Syrian Electronic Army. Last week it tried but failed to hijack Facebook’s domain name and redirect its traffic to another site. In the end it proved it could edit information about the Facebook domain in the database of registrar MarkMonitor, but not much else.
The breach comes at a delicate moment for Forbes. The company is in the late stages of a sale process. Earlier this week, Bloomberg News reported that parent company Forbes LLC was expecting final buyout offers from two Asian media companies, China-based Fosun International Ltd. and Singapore’s Spice Global Investments. German publisher Axel Springer was also said to be in the mix. Forbes is reportedly seeking about $400 million.
http://t.co/0HbTuGgsU1 hacked by the Syrian Electronic Army #SEA. pic.twitter.com/SlfXYv7HUv
— SyrianElectronicArmy (@Official_SEA16) February 14, 2014
Full disclosure: I worked for Forbes as a senior editor and columnist on the website from 2000 to 2005.
This article originally appeared on Recode.net.
