Hacking a Newspaper: Distancing and Finger Pointing

May 15, 2015

I read “This Is How the Syrian Electronic Army Hacked the Washington Post.” Hacking into a company’s computer system is not something I condone. The target of the hacking is not too keen on the practice either I assume.

One of our Twitter accounts was compromised. We contacted Twitter. Even though we knew the CTO, it took a couple of days to sort out the problem. Apparently Miley Cyrus became a fan of Beyond Search and wanted to share her photo graphs via the blog’s newsfeed. One reader, an Exalead professional, was quite incensed that I was pumping out Miley snaps. I assume he found a better source of search and content processing news or left the field entirely due to the shock I imparted to him. I did not objectify the hacking incident. I don’t think I mentioned it until this moment. A script from somewhere in the datasphere got lucky.

In the aforementioned write up, I noted this passage:

Th3 Pr0, one of the members of the group, confirmed to Motherboard that they were indeed the group behind the attack, which appeared to last for around 30 minutes. Th3 Pr0 said that they were able to insert the alerts by hacking into Instart Logic, a content delivery network (CDN) used by the Washington Post. “We hacked InStart CDN service, and we were working on hacking the main site of Washington Post, but they took down the control panel,” Th3 Pr0 told Motherboard in an email. “We just wanted to deliver a message on several media sites like Washington Post, US News and others, but we didn’t have time :P.” The group often defaces media sites by hacking into other third parties, such as ad networks, that serve content on the sites.

The Washington Post, it seems, was not the problem. A content delivery network was the problem.

The article then reminded me:

This is the second time the hackers get to the Washington Post. The group briefly disrupted the site in 2013 with a phishing attack.

But the kicker for me is this statement:

This hack shows, once again, that a site is only as secure as its third-party resources,including ads, are.

Well, these problems are short lived. The problems are not the problems of the Washington Post. Bueno indeed. Perhaps Amazon’s Jeff Bezos will provide some security inputs to the Washington Post folks. Fool me once, shame on me. Fool me twice, well, blame the third party.

Works in Washington I assume.

Stephen E Arnold, May 15, 2015

Written by Stephen E. Arnold · Filed Under News, Publishing, Security

Comments

Comments are closed.

Search the site
Subscribe to Beyond Search
Feature archive
News archive

Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.