‘Syrian Electronic Army’ attacks Gigya, affects 80 websites

Victor Barreiro Jr.
The hack affects Rappler and other news and sports sites
SYRIAN ELECTRONIC ARMY. Screen shot from SEA Twitter account.

MANILA, Philippines – An attack by the “Syrian Electronic Army” on the popular Gigya social media integration platform affected some 80 news and sports sites, including Rappler.com, Thursday evening, November 27.

{source}

<blockquote class=”twitter-tweet” lang=”en”><p><a href=”https://twitter.com/Official_SEA16″>@Official_SEA16</a> killed it today <a href=”http://t.co/vWfZzRhqnw”>pic.twitter.com/vWfZzRhqnw</a></p>&mdash; SEAnuX 1.0 (@i_c_e4) <a href=”https://twitter.com/i_c_e4/status/538043815480025089″>November 27, 2014</a></blockquote>
<script async src=”//platform.twitter.com/widgets.js” charset=”utf-8″></script>

{/source}


The attack, announced on the “Syrian Electronic Army” Twitter account, notes that the Thanksgiving hack appeared to be meant for the media. It said: “Please don’t pretend #ISIS are civilians.”

{source} 

<blockquote class=”twitter-tweet” lang=”en”><p>Happy thanks giving, hope you didn&#39;t miss us! The press: Please don&#39;t pretend <a href=”https://twitter.com/hashtag/ISIS?src=hash”>#ISIS</a> are civilians. <a href=”https://twitter.com/hashtag/SEA?src=hash”>#SEA</a> <a href=”http://t.co/ZXzMWbXoYp”>pic.twitter.com/ZXzMWbXoYp</a></p>&mdash; SyrianElectronicArmy (@Official_SEA16) <a href=”https://twitter.com/Official_SEA16/status/537960538752311301″>November 27, 2014</a></blockquote>
<script async src=”//platform.twitter.com/widgets.js” charset=”utf-8″></script>

{/source}

Explaining the issue to its clients, Gigya CEO Patrick Salyer said in an email that there was “a breach at our domain registrar that resulted in the WHOIS record of gigya.com being modified to point to a different DNS server,” one controlled by the hackers.

Through that server, the hackers served a file with an alert claiming the site was hacked by the “Syrian Electronic Army.”

Salyer stressed that “neither Gigya’s platform nor any user, administrator or operational data has been compromised and was never at risk of being compromised. Rather, the attack only served other JavaScript files instead of those served by Gigya.”

Salyer said Gigya’s WHOIS and DNS records have been corrected.

Due to the nature of DNS operations, however, it may take some time for Gigya services to show properly for everyone around the world. New DNS settings could take up to 24 to 48 hours to propagate at its slowest rate.

This means some users of affected Gigya client sites may still see the “Syrian Electronic Army” message for that duration. 

In a separate tweet, the “Syrian Electronic Army” also noted that the hack “was harmless.”

{source} 

<blockquote class=”twitter-tweet” lang=”en”><p>We&#39;re the good guys so this was harmless but just in case the bad guys copy us, use NoScript with Firefox: <a href=”https://t.co/TawKevraTo”>https://t.co/TawKevraTo</a> <a href=”https://twitter.com/hashtag/SEA?src=hash”>#SEA</a></p>&mdash; SyrianElectronicArmy (@Official_SEA16) <a href=”https://twitter.com/Official_SEA16/status/538063174243606529″>November 27, 2014</a></blockquote>
<script async src=”//platform.twitter.com/widgets.js” charset=”utf-8″></script>

{/source}


None of Rappler’s servers were compromised in the attack. 

If you encounter this when accessing Rappler, clearing your browser of cache and cookies may help. For any other concerns, please email desk@rappler.com. Rappler.com

Victor Barreiro Jr.

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.