Forbes has published an article on the recent attack carried out by the Syrian Electronic Army. Few technical details have been revealed, but some are worth mentioning.
The company confirms that the attackers used spear-phishing emails to trick Forbes staff into providing passwords to the backend of the publishing systems.
On Thursday and Friday, Forbes made a number of unsuccessful attempts to kick the hackers out. It also contacted the FBI to seek assistance.
“Late Friday morning, FORBES received an email with a screen grab purporting to show information captured from our publishing database. The author implied the attack would stop if ‘fees’ were paid,” wrote Forbes’ Lewis DVorkin.
Shortly after the article was published, representatives of the Syrian Electronic Army responded with the following comment: “@Forbes claimed in an article posted by them that we emailed them requesting ‘fees’ at Friday, but then the database was already published.”
“Dear @Forbes, making a fake story (we requesting ‘fees’) after we posted a joke about selling the data is not the good way to defend yourself,” the hackers added.
“Just for future notice, we would never ask for money in return for anything. All we ask for is your support.”
Forbes says it’s in the process of notifying the 1 million readers whose information has been published online by the Syrian hacktivists. Customers are being advised to change their passwords.
Experts have already demonstrated that at least some of the hashes can be cracked. The password protection method is better than the one used by Adobe, but it is far from the best available.
The Syrian Electronic Army deleted the leaked file and advised Forbes readers to change their passwords.
“We didn’t publish the user table of Forbes to show off, but because they deserved to be embarrassed,” the hackers said. “We have access to bigger user tables than Forbes one but Forbes has been so unethical that they deserved it.”