NPR website defaced by hackers supporting Syria
Syrian Electronic Army posts messages in support of President Bashar Assad
The website and several Twitter accounts of U.S. non-profit broadcaster NPR were attacked and defaced late Monday, apparently by hackers supportive of Syrian President Bashar Assad's regime.
Starting around 11 p.m. ET Monday, several stories on NPR's breaking news blog The Two-Way and the NPR.org website, including some that appeared on the websites of affiliated "member stations," were defaced with the text: "Syrian Electronic Army Was Here," the Two-Way reported Tuesday morning.
"We have made the necessary corrections to those stories and continuing to work with our member stations," said the NPR statement quoted on the blog.
It said statements from the hackers were also posted on some NPR Twitter accounts, but the problem had already been addressed.
The Syrian Electronic Army is a group that has been posting pro-Assad messages on web pages, primarily of Western media outlets and some government officials for a few years. In March, it took over three Twitter accounts belonging to the U.K.'s national public broadcaster, BBC, including its weather feed.
The group's Twitter feed claimed Monday night that it had hacked five NPR Twitter accounts in total.
"We hope that NPR got our message #Syria," it added.
The group tweeted that it would not say why it attacked @NPR. "They know the reason and that is enough," it said.
A subsequent Twitter exchange suggested that it had to do with coverage of the conflict in Syria by NPR reporter Deborah Amos who "has told of the hard toll the fighting there is taking on the Syrian people," the blog post said.
Graham Cluley, senior technology consultant for the internet security company Sophos, suggested on the company's Naked Security blog that it's possible that the Syrian Electronic Army hijacked the account of an NPR staff member.
"Other organizations who are worried about their own accounts being hacked might want to consider more secure password policies and the possibility of turning on two-factor authentication," he added.
That would require someone to provide another piece of information in addition to a password in order to log into a company account. However, that feature is not yet supported by Twitter, Cluley wrote. In February, Twitter reset passwords for 250,000 accounts after they were compromised.
The Syrian Electronic Army has been operating for a few years. In 2011, it hit a large number of Facebook pages, including those of U.S. President Barack Obama, TV talk show host Oprah Winfrey, the U.S. Department of Treasury and ABC News.