Syrian Electronic Army Conducted Thanksgiving Hack on Forbes, NBC, Dell, Microsoft Through Gigya Comment System
The holidays seem to bring out the best in some people and the worst in others. It is just some strange thing that takes place when friends and family come together. The same can be said about hackers and hacker groups. They too celebrate the holiday season with a rash of attacks targeting different platforms so they can spread their own "love" in the form of advertisements or malware all for monetary gain.
In the latest hacker happenings, as we get deeper into the holiday season this year, a group managed to place pop-ups on several popular sites to promote their existence. The hacker group, aptly known as the Syrian Electronic Army, placed ads on sites like Forbs, The Chicago Tribune, NBC, NHL, Dell and even Microsoft. The commonality of those massive sites, apart from the fact that they are all huge companies, is that they all utilize the Gigya comment and social platform system service. The Gigya platform is yet another comment platform system that assists sites with expanding their reach in the social networking world along with customizing user registration and commenting integration.
Hackers attacking platforms like Gigya is nothing new. However, in the scope of using a service like Gigya to spread pop-ups and notifications mainly for letting users know that the Syrian Electronic Army conducted a massive Thanksgiving hacking attack on these sites, is a slight mystery. As far as the real reasons for this attack we suspect it was more of a test for the hacker group so they may later conduct an attack to either spread malware or act as a phishing campaign to collect personal information. Moreover, it is prudent to think that hacker groups have some political agenda behind their attacks, which could be a stunt oppose human rights groups and certain media outlets who go against their beliefs.
Some things to note that we do know about this Syrian Electric Army Thanksgiving hack is that attacking a third-party entity is a popular choice for hackers in attacking large companies and their websites. By leveraging a third-party source that a large website uses, hackers do not have to perform a direct attack where the iron-clad security infrastructure of such sites usually gets in the way. In the Gigya attack the hackers took advantage of GoDaddy to alter the DNS (Domain Name System) for Gigya for placement of their dubious messages.
Since the attack, Gigya announced that they eliminated the vulnerability to display the meaningless messages from the Syrian Electronic Army hackers. As a response of the attack concluding, the Syrian Electronic Army took to their Twitter account to post the message "We're the good guys so this was harmless but just in case the bad guys copy us, use NoScript with Firefox: [link] #SEA." Take this message for what it is, but it is clear that the Syrian Electronic Army is gaming those that oppose them and they may have something greater, more destructive, up their sleeves.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.