Yesterday, social media was abuzz over the news that Reuters had been hacked via their advertising network by the Syrian Electronic Army, who were protesting allegedly false news coverage from the agency on fighting in the country.
While the SEA attacked Reuters last year, this time around the infamous hacking organization actually compromised an advertising tech start-up based in New York called Taboola, who work with Reuters on providing readers recommendations, so of course Taboola have a link to Reuters back-end, making them a prime target for SEA.
It’s unclear how exactly Taboola was compromised but security expert Frederic Jacobs surmises that phishing tactics were used. This means that Reuters may not be the only news outlet that could fall prey to SEA as Taboola has partnerships with the New York Times, Fox News, and the BBC to name a few.
“By compromising Taboola, the value of the compromise is significantly higher than just compromising Reuters,” wrote Jacobs.
“As many of the previously compromised organizations, Taboola uses Google Apps. The Syrian Electronic Army has repeatedly used their Google phishing templates to trick users into giving up their passwords.”
This attack raises the issue for system administrators of using third party analytic services. Jacobs notes that Taboola probably didn’t use two-step authentication, causing this breach. (Update: Taboola has since releasedtaking responsibility of the hack and ensuring readers that they do use two-step.)
It may not be clear why SEA targeted Taboola but myriad reasons are possible, such as a weak system and an easy backdoor into Reuters’ readers. The SEA has since tweeted an image of Taboola’s PayPal account, showing that Taboola’s founder is Israeli, which may have played a role in their decision too.
“The hack was an attack on an Israeli company used as content ads by the agency,” said SEA on their website, corroborating this speculation.