The SEA acknowledged the attack to E Hacking News and provided screenshots showing that the service’s admin panel and website backend were both compromised.
Outbrain acknowledged an attack via Twitter, but its website and recommendation system are currently offline.
Due to an attack, our recommendations are down. Our team is working to get our system secure & up shortly. Apologize for any inconvenience.
— Outbrain (@Outbrain) August 15, 2013
In fact, it may be the Outbrain attack that led to the hack of The Washington Post’s website on Thursday. Readers were redirected to the SEA’s website for a brief period.
In an email to Mashable, WaPo managing editor Emilio Garcia-Ruiz said that the SEA “claimed they gained access to elements of our site by hacking one of our business partners, Outbrain.”
The SEA was also targeting WaPo employees using email-based phishing attacks that have become the group’s modus operandi. In this case, however, it looks like the SEA was able to insert code into the Outbrain widget served on The Washington Post website that redirected to a different webpage.
The Syrian Electronic Army has targeted a wave of publishers over the last several months, including The Onion, Thomson Reuters and ITV. On Tuesday, the group hacked into the publishing tool SocialFlow.
Shifting from simply targeting publications via its employees and backend systems to also going after web-based software services used by publishers and media organizations signifies that the SEA is getting smarter — and potentially more dangerous — with its attacks.
It may not be enough for a publisher to keep employees from clicking on a phishing email disguised as something legitimate if an ad server, plugin or other system that has access to a site can be compromised.
In a statement, Outbrain told us:
We are aware that Outbrain was hacked earlier today. In an effort to protect our publishers and readers, we took down service as soon as it was apparent. The breach now seems to be secured and the hackers blocked out, but we are keeping the service down for a little longer until we can be sure it’s safe to turn it back on securely. We are working hard to prevent future attacks of this nature.