Hackers from the Syrian Electronic Army have once again claimed a high profile scalp, compromising the blogs at British broadcaster Channel 4.
The hackers, who back the regime of President Bashar al-Assad, took over the blog of the station’s veteran news presenter Jon Snow and posted a story about a tactical nuclear strike against Syria.
Here’s a partial screenshot of what they posted, courtesy of Google’s cache of the webpage:
Claiming credit for the hack, the Syrian Electronic Army posted a screenshot of what appeared to be the WordPress admin panel for the Channel 4 blogs, something which should normally never be accessible to an unauthorised party.
The suspicion has to be that Channel 4 was running an old version of WordPress, vulnerable to a security exploit that allowed the hackers to gain access, or that an administrator had his password phished. In the last few days, WordPress has released the latest version of its blogging platform – version 3.6.
At the time of writing, all of Channel 4’s blogs are inaccessible and have been replaced with a message saying “Something’s broken (or we’re making things better)” alongside a picture of character’s from the station’s comedy “The IT Crowd”:
Of course, the Syrian Electronic Army is no stranger to hacking media organisations, having successfully compromised the likes of the BBC, ITV, The Telegraph, The Financial Times, The Guardian, and Thomson Reuters.
Although clearly embarrassing for Channel 4, the good news is that this appears to have been merely defacement. Imagine how things would have been much worse if the hackers had used the opportunity of breaking into a popular blog to spread malware to unsuspecting readers.