No joke: The Onion tells how Syrian Electronic Army hacked its Twitter

On Monday, the "hacktivist" group Syrian Electronic Army (SEA) briefly took over the Twitter account of the satirical news publication The Onion, posting a series of anti-Israeli "joke" stories and an anti-Obama "meme" image. The Onion returned fire with its own joke story, "Syrian Electronic Army Has A Little Fun Before Inevitable Upcoming Death At Hands of Rebels."

Putting all jokes aside, The Onion's technology team yesterday made a post describing how the SEA had managed to compromise the accounts of a number of employees and take control of the Twitter feed—a series of phishing attacks that took advantage of the organization's use of Google Apps.

According to The Onion's Chris Sinchok, the attack started as a series of phishing e-mails to Onion staff members, which included a link to what appeared to be a Washington Post article. The URL was actually a link to a hacked website that redirected to a fake Google Apps login page. "At least one Onion employee fell for this phase of the phishing attack," the security team reported in the blog post. That employee's credentials were used to gain access to the employee's Google Apps e-mail account, which was then used by the attackers to send further phishing attacks from an internal Onion address, using a link to the same fraudulent Google Apps login page.

Read 7 remaining paragraphs | Comments