Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

US president webpage attacked by SEA

Tripwire Inc : 30 October, 2013  (Technical Article)
Tripwire comments on the recent compromise by the Syrian Electronic Army on President Obama's web site
US president webpage attacked by SEA

Security experts at Tripwire have commented on the Syrian Electronic Army attack on the US President’s webpage. According to security researcher Ken Westin, “Although the SEA may not have compromised an official government site associated with the President, the PR damage of gaining control of his fund raising website may have a similar propaganda effect. We don’t know what data the SEA has access to as a result of the breach, in Blue State Digital's case study for the Obama campaign they state they had 13 million emails and helped gather 6.5 million donations totaling $500 million ...is this information now in the hands of SEA for possible spear-phishing attacks?

It appears that the SEA did not gain access to the main website itself, but a third party service that his campaign uses for managing donations to his campaign.

Blue State Digital's website is now showing a blank page and it appears their website is down, so odds are that the entire system has been compromised, meaning it could be more than just the President's donation website that has been compromised.”

Tim Erlin, director of IT risk and strategy at Tripwire continued, “The headline says ‘Obama's hacked’, but it wasn't Obama per se -- this fact alone demonstrates the importance of business partners' information security.

It's doubtful that anyone on Obama's team considered whether using their own URL shortener represented an increased threat over a more standard implementation, but perhaps they should have considered this. After all, URL shortener hacks have happened before.

Any attack like this demonstrates the value of a solid threat model for all points of content production that's outsourced. It’s clear that attackers understand that business partners often represent the weakest link in security.

URL shortening represents a underrated threat vector in social media. Even when a click can mean compromise, we routinely trust obfuscated links through Twitter and Facebook.”

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo