The Washington Post

Here’s how the Syrian Electronic Army’s hack worked


The Syrian Electronic Army's attack against The Washington Post succeeded because of a vulnerability in Outbrain, a third-party content recommendation service. Outbrain works by embedding a widget on websites filled with sponsored links, and it seems as though once the SEA had hacked Outbrain, that gave them access to redirect readers on certain pages to SEA-controlled sites.

The SEA says its attack on Outbrain also allowed it to compromise the websites of Time and CNN:

The Post's engineers have confirmed that Outbrain was the source of the vulnerability. Outbrain has also confirmed that its systems have been attacked, presumably a reference to the SEA.

Update: An Outbrain spokesperson wrote in with the following statement:

We are aware that Outbrain was hacked earlier today. In an effort to protect our publishers and readers, we took down service as soon as it was apparent. The breach now seems to be secured and the hackers blocked out, but we are keeping the service down for a little longer until we can be sure it's safe to turn it back on securely. We are working hard to prevent future attacks of this nature.

Brian Fung covers technology for The Washington Post, focusing on telecommunications and the Internet. Before joining the Post, he was the technology correspondent for National Journal and an associate editor at the Atlantic.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Video curated for you.
Next Story
Brian Fung · August 15, 2013

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.