Why The Onion Is Awesome for Publishing Details of Its Twitter Hack
The Onion, the satirical news site that saw its Twitter account hijacked by a Syrian hacker group earlier this week, has just performed a pretty significant bit of public service.
In a detailed post, the site’s tech team has published a fairly thorough tick-tock on how the attack was carried out.
This is the opposite of what companies usually do when they experience a security breach. The pro-Assad Syrian Electronic Army has been attacking the Twitter accounts of many Western media organizations in recent weeks, including CBS News, the BBC, Associated Press, and others). None of those organizations have followed up with any significant disclosure about what happened.
When companies and organizations suffer a computer breach of any kind, the impulse is to keep the details of how it was carried out close to the vest. There are many legitimate reasons for this, not the least of which is that it’s embarrassing. And the details can shed light on internal processes and procedures that might be of value to competitors.
In addition, there’s a public relations consideration. Stories about hacking attacks are negative. If there’s any media coverage, there’s an understandable desire for the coverage to stop. Disclosures about how it happened yield another round of coverage that would otherwise be unwanted. In cases like this, the desire for no coverage wins out.
As one media organization after another has fallen for the Syrian Electronic Army’s tricks, there seemed to be a common thread that ran through the circumstances of each incident. All appear to have fallen prey to some kind of “phishing” attack. These are spoofed emails that look legitimate but which contain attachments or links that are used to gather information like usernames and passwords to carry out the attack.
What The Onion has disclosed is that the attackers in this case used a sophisticated multilayered attack, using information gleaned in the first round to then launch a second that gathers more information, and so on, until at last they had penetrated the target: The Onion’s Twitter account, with a healthy five million followers.
This is by far the most detailed account of any of these attacks that I’ve read. And the more people who read it the better, because eventually the methods used will stop working.
I’ve long thought that there ought to be more transparency from private companies in these matters, especially from media organizations that have a certain amount of accountability to the public that they serve. When hackers thought to be based in China attacked several media organizations, including The Wall Street Journal (which, like this website, is owned by News Corp.) and the New York Times, the apparent intent was to monitor communications about reporting what those organizations were doing about Chinese officials and companies.
In the case of the Syrian Electronic Army, the intent was to take advantage of the Twitter followers these organizations have attracted and hijack their accounts to spread political propaganda. The attacks do some short-term damage to reputations and result in some embarrassing press coverage for a day or so. Usually, no one ever learns anything useful, because the details remain obscured. Yesterday, The Onion changed that. It’s an example we can all learn from.