• United States



Senior Staff Writer

CNN Twitter feed hijacked by Pro-Assad hackers

Jan 23, 20143 mins
Application Security

CNN is the latest target of the Syrian Electronic Army.

The offending messages were removed by CNN staffers rather quickly, but by the time the recovery happened, the SEA had already posted their usual propaganda and made their point.

This is just the latest in a long string of attacks against the media by the SEA. It certainly won’t be the last.

This week, in a threat report from CrowdStrike, the SEA took center stage, as they remained rather active in 2013. The report focused on a number of attacks against the media, including the Associated Press, the New York Post, CBS News, the Guardian, and Thompson Reuters.

Historically, the SEA is known for using Phishing as a means of access to their victims. Such tricks led to a successful August attack against, a content recommendation platform used by hundreds of media websites, including CNN, Time, and the Washington Post.

While they mainly stick to spreading propaganda these days, it’s important to remember that the SEA isn’t above compromising information. In July 2013, the SEA went after and compromised a user database. Truecaller confirmed the breach, and noted that Phishing was the root cause.

That same month, the SEA compromised TangoME Inc, targeting their Tango communications platform. Again, Tango confirmed the breach, and again Phishing was determined to be the root cause. The SEA reported that the data taken from Tango would be given to the Syrian government, as it was believed that Syrian activists were using the Tango service to coordinate themselves. A third attack in July targeted a VoIP company (Viber Media), and the company said that while the breach was minor in scope, the root cause was a targeted Phishing attack.

If there is a lesson to be learned by what the SEA does, aside from the social engineering aspect, it’s that control over corporate communications channels is just as important as control over the network. The group targets the weakest link in the security chain, because they know that if asked enough times, humans will eventually do what’s requested of them, such as following a malicious link or opening an attachment.


On Twitter, the SEA issued the following statement:

Tonight, the SEA decided to retaliate against CNN’s viciously lying reporting aimed at prolonging the suffering in Syria. CNN used its usual formula of present unverifiable information as truth, adopting a report by Qataris against Syria. Instead of any actual journalism, CNN turned into a loud horn calling for the destruciton of the Syrian state.

US Media strategy is now to hide the fact that the CIA controls and funds Al Qaeda by blaming Syria instead for their terror. The SEA will not stop to pursue these liars and will expose them and their methods for the world to see.

In addition to that, the group also showed proof that they used a compromised HootSuite account to post to the CNN Twitter feed. It’s unknown if the HootSuite account was accessed as a direct result of a Phishing campaign, but given the SEA’s history, that’s the likely conclusion. CNN has not made any statements on the incident. Their Twitter feed has remained inactive since the account was reclaimed earlier this evening.


CNN has issued a statement on the matter.

Some of CNN’s social media accounts were compromised Thursday. The affected accounts included CNN’s main Facebook account, CNN Politics’ Facebook account and the Twitter page for CNN. The posts were deleted within minutes and the accounts have since been secured.