Anatomy of a state-sponsored phishing attack: how the Syrian Electronic Army hacked The Onion


12 Responses to “Anatomy of a state-sponsored phishing attack: how the Syrian Electronic Army hacked The Onion”

  1. Odis Lee says:

    So they tricked a satire site into letting them post messages. Sounds like a good attempt at satire in itself!

    • austinhamman says:

      Who satires the satirists?

    • Frank says:

      Vice has an interview with an alleged member of the SEA about the hack (google “Speaking with an Alleged Member of the SEA about Hacking The Onion’s Twitter Account”).

      Also, does anyone know the source of the “state-sponsored” in the headline? The SEA claims they’re not affiliated with the Syrian government so I’m wondering what bb is using as the source for that claim.

      • teapot says:

        In June 2011, just a few short months after protests first erupted in Syria, the country’s president, Bashar Al-Assad, made a speech in which he thanked a group called the “Syrian Electronic Army” (SEA). Calling it a “virtual army in cyberspace,” Al-Assad praised the group for its effort in trying to shape the Syrian narrative.

        If the unpopular president is thanking your group publicly you can guarantee it’s either already or soon-to-become state sponsored.

  2. hypersomniac says:

    I lol’ed

  3. nachoproblem says:

    I saw something about this, but I thought it was just – you know, The Onion.

    If the Syrian Real Army were as good at picking targets as the Syrian Electronic Army, the rebels would have very little to worry about.

  4. EeyoreX says:

    I still call shenanigans. Hacking a humor site is a bit like assaulting a masochist. All that scheming and no goal? I suppose this could have been a “dress rehearsal” for some bigger, more significant hack, but so far the net result here is that The Onion has drawn more attention to itself.

    • nachoproblem says:

      This is true, but at the same time your average terrorists, or lackeys of a despot or what have you, very often don’t seem to get the purpose of humor at all.

  5. Nadreck says:

    So the Moral Of The Story is to have a “honey-pot” email account that seems to be that of an ordinary user but is secretly funnelled off to someone in IT security.

  6. Ryan Besch says:

    I may be missing something here, but how did they distinguish from the IT sec and the others who got phished? Was it just social engineering?

  7. oasisob1 says:

    Seems like the Onion would be a good organization to practice on before a real attack.

  8. teapot says:

    Oh man I heart the onion. This is clearly what pissed off the Syrian Eunuch Association:,31805/

    Apparently the Syrian Eunuch Association called off their hack on The Onion:,32327/

    “Look, when the Syrian Electronic Army hacks into a website, we want users to immediately see our message that Zionist-controlled interests are distorting the facts that come out of Syria, not a bunch of huge, constantly looping ads for God knows what that assault the senses and literally leave you nauseated. And when we looked at the layout of The Onion’s homepage, we immediately realized the huge mistake we’d made.”

    Oh and fuck you SEA – come get me bro. Show your 1337 skills. Your dear leader al-Asshole is soon going to be a corpse.

