How Syrian Electronic Army Pulled Off Thanksgiving Day Hacks

Notorious hacking group may have found a way in through U.S. firm.

ByABC News
November 28, 2014, 10:21 AM
A finger is shown touching a keyboard in this stock image.
A finger is shown touching a keyboard in this stock image.
Getty Images

— -- The Syrian Electronic Army re-emerged Thanksgiving Day to pull off a minor but annoying hack via a U.S. firm.

The pro-Syrian government collective of hackers was able to pull off a hack on several Western media outlets and retailers Thursday by targeting Gigya, a U.S. firm that connects businesses to customers via social media.

Among the websites that said they were affected were the Dallas Morning News, the Boston Globe and the Daily News in New York. Several retailers were also reportedly briefly affected by the hack, which greeted users with the pop-up message, "You've been hacked by the Syrian Electronic Army (SEA)."

CEO Patrick Salyer of Mountain View, California-based Gigya Inc., which is contracted by more than 700 companies, said in a blog post the company "identified sporadic failures with access to our service” on Thanksgiving morning.

Salyer said hackers were able to reroute traffic from Gigya's website to an outside server, allowing them to place the pop-up message on various websites.

Despite the minor annoyance, Salyer wrote, "neither Gigya’s platform itself nor any user, administrator or operational data has been compromised and was never at risk of being compromised. Rather, the attack only served other JavaScript files instead of those served by Gigya."

The problem of traffic being rerouted was resolved about one hour after Gigya detected the breach, Salyer said.

A Twitter account belonging to the Syrian Electronic Army took responsibility for the breach.

The pro-Syrian government hacking collective, which was most active between 2011 and 2013, has claimed responsibility for a number of high-profile cyberattacks on major Western media outlets.

The group hacked numerous Western media outlet last year, including the New York Times and the Washington Post. The group also caused mayhem when it briefly took overTthe Associated Press Twitter account and sent out a tweet claiming there were explosions at the White House and the president had been injured.

The fake tweet created enough anxiety to send U.S. stocks tumbling.