So how does the Syrian Electronic Army do it? The latest victims of the group’s social-media hacking ways, per a report on computerworlduk.com, were the New York Post’s Facebook page, the Twitter feeds of several individual newspaper reporters and the Facebook/Twitter pages of social media management company SocialFlow.
Order at both ends has been restored after the Tuesday breaches; the connection here is that the Post uses SocialFlow’s dashboard to manage its accounts. Computer security expert Graham Cluley suggests that the Army relied on their same old tricks:
Chances are that Post and SocialFlow fell victim to the Syrian Electronic Army via the group’s normal method of attack – emailing staff at one media organization with a forged “sent” address in the email header, linking to what claims to be a breaking news story that the recipient should check out. Clicking on the link then takes users to a phishing site where passwords are stolen.
SocialFlow has acknowledged the event on its Twitter feed, while the Post at press time had not. The message the Army posted on Post baseball writer Mike Puma’s Twitter page and elsewhere read: “Syrian Army Was Here Via @Official_SEA16 #SEA.”
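The forged sender address and the "breaking news" link in Cluley's description both leave traces a mail team can check for. The following is an added example, not part of the original article: the message, addresses and domains are constructed placeholders, and the three checks are one assumed triage approach.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every address and domain is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.newsroom.example; spf=pass; dmarc=fail header.from=newsroom.example
From: "Colleague Name" <colleague@newsroom.example>
To: reporter@newsroom.example
Subject: Breaking story, take a look
Content-Type: text/html

<p><a href="http://login.news-portal.example/story">http://www.newsroom.example/breaking</a></p>
"""

LINK = re.compile(r"<a\s[^>]*href=[\"']([^\"']+)[\"'][^>]*>(.*?)</a>", re.I | re.S)

def domain_of(header_value):
    """Domain part of the address in a From/Return-Path header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def host_of(text):
    """Host of an http(s) URL appearing at the start of text, or ''."""
    m = re.match(r"\s*https?://([\w.-]+)", text, re.I)
    return m.group(1).lower() if m else ""

def triage(raw):
    """Return a list of reasons the message deserves a closer look."""
    msg = message_from_string(raw)
    findings = []
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append(f"From domain {from_dom} but envelope sender {rp_dom}")
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if re.search(r"\b(dmarc|spf|dkim)=fail\b", auth):
        findings.append("receiving server recorded an authentication failure")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode("utf-8", "replace")
        for href, shown in LINK.findall(html):
            if host_of(shown) and host_of(shown) != host_of(href):
                findings.append(f"link shows {host_of(shown)} but goes to {host_of(href)}")
    return findings

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("SUSPICIOUS:", reason)
```

A From/Return-Path mismatch on its own is common with legitimate bulk mailers, so treat these findings as signals to combine rather than as a verdict.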