Terms of Use For FixedByVonnie

By proceeding to access fixedByVonnie.com, you expressly acknowledge, and agree to, all of the following:

fixedByVonnie.com is a personal website and blog owned by Security Plus Pro LLC, which is being presented for informational purposes only. The views on this website are solely those of the website owner (and not those of any employer or of any professional associations affiliated with the website owner).  Any views expressed in this website and any information presented on this website, or in any of its blog entries, should not be relied on for any purpose whatsoever other than as the personal opinions of the website owner.  The website owner expressly disclaims any and all liability for any information presented on this site.  The owner of this website and its blog posts shall not be held liable, and shall be held harmless, for any errors or omissions in any information or representations contained in this website, or in any of its blog entries.  The website owner also expressly disclaims any liability for the current or future availability of any such information. The website owner makes no representations as to the accuracy or completeness of any information on this website or which may be found by following any link on this website. The website owner shall not be held liable for any losses, injuries, damages, claims, or causes of action, from the display or use of any information on this website or in any of its blog entries. If you use the information on this website, or on any of its blog entries, you do so solely at your own risk.

You'll never guess who the Syrian Electronic Army tried to hack today - fixedByVonnie

You’ll never guess who the Syrian Electronic Army tried to hack today

The Syrian Electronic Army is a contentious group of hackers who target people who they believe to be adversaries of the Syrian government.

You may recall that earlier this Summer the SEA successfully kicked the New York Times homepage offline by redirecting the nytimes.com DNS records to its own web address.

Well the malicious group of hackers struck again and this time they upped the stakes by hacking both the Twitter and Facebook accounts of U.S. President Barack Obama.

About an hour ago, Sam Stein, White House Correspondent for the Huffington Post, tweeted the following message:

Sam Stein

For several minutes, links using http://ofa.bo redirected to a violent, 23:56 minute Youtube video which showed the bedlam in Syria.  ofa.bo is the URL shorterner service used by BarackObama.com.  Messaging services such as Twitter use such link shorteners to help keep tweets within the strictures of 140 characters.

A little over an hour ago, the SEA emailed the editors of Mashable.com explaining that they hacked the President’s social accounts by modifying links posted to Mr Obama’s feeds.

Here’s a screenshot of one link the SEA mangled today:

Syrian Electronic Army hacked Twitter of Barak Obama

The SEA claims it did this by gaining access to Suzanne Snurpus’s Google Apps email account.

Snurpus is one of the admins with rights to manage BarackObama.com.  One compromised, the Syrian Electronic Army had carte blanche access to the site Control Panel.

In a grand act of hubris, the group snapped a screenshot of Snurpus’ hacked Google inbox and sent out the tweet below:

ssnurpus@barakobama.com hacked

Regarding the incident, Snurpus commented to Quartz.com

We’ve taken measures to correct it.  And we’ve all changed our passwords and added an extra layer of login security.

Currently all the broken links have been fixed – but this is a big issue.

Think about it:  in today’s debacle the President and his administration didn’t completely suffer but could you imagine if this was a more egregious crime?  Can you fathom the ramifications of hacking President Obama’s twitter handle: @BarackObama?

Today the SEA just fiddled with some links but can you think of the melee that would have ensued if all 39 million Barack followers saw a terrifying politically charged tweet from his compromised twitter handle?

Snurpus says she’s taken “measures to correct” the problem; however, why are those measures being taken after the fact? Someone in her position should already be using two-factor authentication!  I think the administrators of BarakObama.com should be chagrined and hopefully will learn from this mistake.

This is nuts.

About

Connect with Vonnie on Twitter

Posted in News, Security Tagged with: