If it seems like the list below is dominated by recent events, that is for good reason: major media outlets have increasingly poured resources into their websites and social media accounts, which have in turn become the target of hackers worldwide. And 2013 was a banner year for attacks on major media outlets, led by a wave of website and social media attacks from the Syrian Electronic Army which, more than being a nuisance to the organisations and users they have affected, have been indicative of the very bare minimum of inconvenience and destruction cyber warfare poses.
Fox News: In a way, these were the quaint old days of online media attacks. On 4 July 2011, a message announcing the assassination of President Barack Obama was posted on Fox News’ Twitter account. Once again, this quickly turned out to be an erroneous announcement. The Secret Service launched an investigation of the incident, which was supposedly carried out by a group called Script Kiddies. “Fox News was selected because we figured their security would be just as much of a joke as their reporting”, one Script Kiddies member reportedly told Stony Brook University’s Think magazine.
NBC: An attack on NBC.com in February, 2013 potentially put visitors to the site in danger. That’s because attackers loaded the NBC.com site with the Citadel Trojan, banking malware that could potentially have been automatically transferred to the systems of anyone who visited the site, a tactic known as ‘drive-by downloading.’ The attack caused the site to be temporarily blocked by Google, and it also popped up on other NBC sites that day including the website for “Late Night with Jimmy Fallon.”
AP: In April of 2013 hackers overtook the Twitter account of Associated Press and posted a false message that briefly caused a social media panic and sent the stock markets tumbling: “Breaking: Two Explosions in the White House and Barack Obama is injured”. It turned out to be completely false, but it caused a $130 million drop on the S&P until the White House quickly released a statement flatly denying the claim, at which point the markets bounced back. It also was among the first introductions on the worldwide stage of the Syrian Electronic Army, a group of online attackers sympathetic toward Syrian President Bashar al Assad. It wasn’t the first — or the last — big media takedown by the SEA, either. Prior to this it had hit the BBC, NPR and Reuters, among others. The AP attack was made possible by information gained from targeted phishing emails sent to AP reporters, which contained bogus links that the reporters clicked through on. The lesson? Never click on links unless you are beyond certain you know who sent them to you.
Twitter/New York Times: Arguably the greatest takedown of a media outlet ever was actually a two-for-one special perpetrated by the SEA in August 2013. Two weeks after it hacked the Washington Post‘s website it carried out perhaps the two biggest media attacks of all time in the same day when it crashed the website of the New York Times and temporarily took over Twitter’s domain. “Hi @Twitter, look at your domain, its owned by #SEA:)” the SEA announced on its own Twitter page. The Twitter attack resulted in trouble with access to images and some general user access and lasted about 90 minutes, but the company said no user information was compromised. The NYT hack lasted for hours, during which time the company kept posting news stories on its Facebook page. Other media outlets were hit by the SEA that day too, including Huffington Post UK. Of course, this was hardly the SEA’s first time striking media outlets, and is a mere suggestion of what could occur when political/activist attacks turn into full-on cyber warfare.