Late last month, hackers allied with the Syrian Electronic Army (SEA) compromised the Web site for the RSA Conference, the world’s largest computer security gathering. The attack, while unremarkable in many ways, illustrates the continued success of phishing attacks that spoof top executives within targeted organizations. It’s also a textbook example of how third-party content providers can be leveraged to break into high-profile Web sites.
The hack of rsaconference.com happened just hours after conference organizers posted several presentation videos from the February RSA Conference sessions, including one by noted security expert Ira Winkler that belittled the SEA’s hacking skills and labeled them “the cockroaches of the Internet.”
According to Codero CEO Emil Sayegh, the attackers spoofed several messages from Codero executives and sent them to company employees. The messages led to a link that prompted the recipients to enter their account credentials, and someone within the organization who had the ability to change the domain name system (DNS) records for Codero fell for the ruse.
Sayegh said the attackers followed the script laid out in Winkler’s talk, almost to the letter.
“Go look at minute 16 from his talk,” Sayegh said. “It’s phenomenal. That’s exactly what they did.”