The Onion Proves Humans are the Weakest Link in Security

In a detailed and very serious post on github.io, the Onion’s tech team describes how the “Syrian Electronic Army” hacked into several of their social media accounts as well as Google Apps. The methods used were quite clever and involved a multi-tiered approach to gaining access to more and more of the Onion’s accounts:

Once the attackers had access to one Onion employee’s account, they used that account to send the same email to more Onion staff at about 2:30 AM on Monday, May 6. Coming from a trusted address, many staff members clicked the link, but most refrained from entering their login credentials. Two staff members did enter their credentials, one of whom had access to all of our social media accounts.

To describe this sort of activity as “hacking” isn’t exactly accurate and it does a disservice to the public who should be educated on this sort of phishing scam and how to avoid it.

This is why it’s so important that, along with implementing technical solutions for keeping websites and other services secure, we educate clients and internal staff on best practices for handling passwords. As this case study shows, dozens of hours of security hardening and testing can be undermined by a single email and a poorly informed user.
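The second stage of the incident quoted above, a compromised staff account sending the same message to many colleagues at 2:30 AM, is a pattern a mail gateway can flag. The following detector is an added example, not code from this post or from the Onion’s write-up; the log format, the `example.invalid` domain and the sample entries are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed outbound-mail log: "<ISO timestamp> <sender> <recipient> <subject>".
SAMPLE_LOG = """\
2013-05-06T02:30:11 jsmith@example.invalid aadams@example.invalid Please review this link
2013-05-06T02:30:12 jsmith@example.invalid bbrown@example.invalid Please review this link
2013-05-06T02:30:14 jsmith@example.invalid cclark@example.invalid Please review this link
2013-05-06T02:30:15 jsmith@example.invalid ddavis@example.invalid Please review this link
2013-05-06T02:30:17 jsmith@example.invalid eevans@example.invalid Please review this link
2013-05-06T09:15:00 editor@example.invalid aadams@example.invalid Morning standup notes
2013-05-06T09:15:00 editor@example.invalid bbrown@example.invalid Morning standup notes
"""

def parse_log(log_text):
    """Yield (timestamp, sender, recipient, subject) from the constructed log format."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, sender, rcpt, subject = line.split(" ", 3)
        yield datetime.fromisoformat(ts), sender.lower(), rcpt.lower(), subject

def is_off_hours(ts, start=22, end=6):
    """True when ts falls in the overnight window [start, 24) or [0, end)."""
    return ts.hour >= start or ts.hour < end

def find_internal_mail_bursts(log_text, internal_domain, min_recipients=5,
                              window=timedelta(minutes=10)):
    """Flag an internal sender that mails the same subject to many distinct
    internal recipients inside one time window (the lateral-phishing pattern)."""
    suffix = "@" + internal_domain
    by_key = defaultdict(list)
    for ts, sender, rcpt, subject in parse_log(log_text):
        if sender.endswith(suffix) and rcpt.endswith(suffix):
            by_key[(sender, subject)].append((ts, rcpt))
    alerts = []
    for (sender, subject), events in by_key.items():
        events.sort()  # sliding window over timestamps, one alert per sender/subject
        for i, (start_ts, _) in enumerate(events):
            seen = {r for t, r in events[i:] if t - start_ts <= window}
            if len(seen) >= min_recipients:
                alerts.append({"sender": sender, "subject": subject,
                               "recipients": len(seen), "first_seen": start_ts,
                               "off_hours": is_off_hours(start_ts)})
                break
    return alerts
```

Run over the sample, it raises one alert for `jsmith@example.invalid` with five recipients and the off-hours flag set, while the two-recipient morning message from `editor@example.invalid` stays below the threshold.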

2 Comments

  1. Hi, would you mind letting me know which web host you’re utilizing? I’ve loaded your blog in 3 completely different internet browsers and I must say this blog loads a lot faster than most. Can you recommend a good web hosting provider at a fair price? Many thanks, I appreciate it!
