On Sunday, the Syrian Electronic Army (SEA) hacked Reuters. This is the second time Reuters has been the target of the SEA, the first time was in 2013.
The hack sent users a message claiming Reuters was spreading false information about Syria, as noticed by some Twitter users:
The details of the hack are particularly interesting. Technically, the Reuters platform wasn't directly compromised. Taboola, a content discovery platform, was hacked and used to affect the Reuters website. Security researcher Frederic Jacobs determined this. Taboola is a third-party advertising network which loads code onto the Reuters website, displaying recommended advertisements. It also happens to be an Israeli company.
Taboola's network was then used to redirect Reuters pages to the SEA message. Jacobs did some impressive sleuthing. He pulled the code showing the SEA had gone after Taboola to execute this hack:
The SEA also took the chance to explore Taboola's PayPal account:
This article is from the archive of our partner The Wire.