Graham Cluley reports:
The Syrian Electronic Army appears to have successfully scalped another high profile media outlet, briefly hijacking the mobile version of the Washington Post website to display pop-up messages claiming that the media is not telling the truth.
[…]
In this latest incident, as Motherboard reports, the hackers claim that they broke into systems belonging to Instart Logic, the content delivery network (CD)B) used by the Washington Post:
“We hacked InStart CDN service, and we were working on hacking the main site of Washington Post, but they took down the control panel. We just wanted to deliver a message on several media sites like Washington Post, US News and others, but we didn’t have time :P.”
Chances are that Instart Logic was itself hacked through a combination of phishing and social engineering, the elementary but effective tricks most commonly used by the Syrian Electronic Army to break into systems and steal passwords.
In short, the Washington Post‘s own systems were not hacked, but those of one of their technology providers was.
Read more on HotForSecurity.com.