A hacker group called the Syrian Electronic Army (SEA) scared visitors to several news websites on Thursday by posting rogue pop-up messages saying they’d been hacked.
According to reports from users on Twitter the affected sites included those of CNBC, Forbes, the Chicago Tribune, OK magazine, the Evening Standard, PCWorld, The Daily Telegraph and The Independent.
Not all visitors to those sites have seen the pop-up messages, which read “You’ve been hacked by the Syrian Electronic Army (SEA)” and in many cases the incident was reported by mobile users.
SEA does not appear to have actually hacked the affected websites directly, but instead pulled off the attack through Gigya, a customer identity management platform used by a large number of brands. The group posted a screen shot on Twitter from inside the control panel for the Gigya.com domain at GoDaddy, suggesting that they had control over the account.
The hackers managed to change the DNS (Domain Name System) entries for the Gigya domain, pointing it to messages and images hosted on other servers, reported The Independent, one of the organizations whose website was affected. The issue has now been resolved, the publication said.
“A part of our website run by a third-party was compromised earlier today,” The Telegraph said via its Twitter account. “We’ve removed the component. No Telegraph user data was affected.
Gigya did not immediately respond to a request for comment.
The screen shot posted by SEA on Twitter was accompanied by a message that read: “Happy thanks giving, hope you didn’t miss us! The press: Please don’t pretend #ISIS are civilians.”
The SEA has used similar DNS hijacking techniques to target news and other organizations in the past, the attacks typically carrying a political message. The group has publicly declared their loyalty to the government of Syrian President Bashar al-Assad.