Forbes website hacked by the Syrian Electronic Army

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Once again, a well-known media establishment has fallen victim to the hackers of the notorious Syrian Electronic Army (SEA).

This time it’s Forbes which has “published” an eyebrow-raising headline.

Forbes hacked by Syrian Electronic Army

Hacked by the Syrian Electronic Army

The pro-Assad hackers claimed credit for the hack on the magazine’s official Twitter account, and also published a screenshot of the WordPress admin console used by Forbes to run its online blogs.

Forbes admin console

The damage extended beyond Forbes’s website, however, also encompassing the Twitter-hijacking of various bloggers who work for the publication as well.

Sign up to our free newsletter.
Security news, advice, and tips.

For instance, here is what the Twitter account of Forbes blogger Samantha Sharf currently looks like:

Samantha Sharf on Twitter

Clearly someone in the Forbes social media team has been careless – perhaps they were duped into handing the keys to their online kingdom on a plate to the SEA after the hackers sent a convincing-looking phishing email?

It would seem that Forbes has angered the Syrian Electronic Army with its investigations and reports into the hacking group.

The Syrian hackers’ techniques are hardly sophisticated, but there’s no doubting that they work.

Past victims have included The Guardian, ITV, The Telegraph, the Washington Post, Viber, Skype, PayPal, and Thomson Reuters amongst many others.

All organisations would benefit from training their users to be on their guard against potential phishing attacks, and putting into place best practices (two factor authentication, different passwords for different websites etc) to better protect accounts.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “Forbes website hacked by the Syrian Electronic Army”

  1. I just feel that we as a society personally and as a corporate entity MUST do more training in the social engineering space to inform our employees of the dangers that exist from outside sources. Thanks for the article Graham as always!

    Scott

  2. Beck

    That's insane. I completely agree that two-factor authentication would be an excellent solution. I actually use a 2fa program called Toopher with LastPass and I love it. I want it enabled on all of my SSO accounts. It automates authentication based on the GPS location of your phone, when you're at home or work so I don't have to constantly type in a code like Google Authenticator. Forbes should consider looking into it or other 2fa solutions to stop simplistic hackers early on.

Leave a Reply to Beck Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.