Free Beacon Targeted In Hack Attack

Malware inflicted in coordinated attack on conservative sites

June 11, 2013

The Washington Free Beacon yesterday became the latest victim in a wave of cyber attacks targeting conservative news outlets.

The Beacon, in what appears to be a coordinated assault, joined National Journal and radio station WTOP as a target after certain articles were featured on the Drudge Report, one of the most heavily trafficked and influential sites in the world.

The Drudge Report itself has not been infiltrated.

"There seems to be this concerted effort by this cyber criminal to take over news sites," said Steve Ward, vice president of Invincea, the Internet security company that first identified the Free Beacon breach. He added that these particular attacks appear to have been perpetrated by criminals rather than by state actors such as China.

It is common for cyber criminals to target "communities of interest," Ward said. "The goal is to catch in their web as many people as possible."

"I think what’s happening is the bad guys are looking at Drudge as a great news aggregator and looking at some of the downstream news sites," Ward said in an interview. "It’s easier to hit these sites."

The Free Beacon was compromised on Monday when unidentified malicious code was embedded into two Free Beacon articles that had been featured on Drudge. Invincea, which sells unique Internet protection tools, reported on Monday that the Free Beacon was "redirecting user traffic to malware" that was infecting readers’ computers without their knowledge.

WFB staff took action, and by noon on Tuesday, June 11, had isolated and eliminated the threat. The site is now safe to browse.

One infected article focused on the NSA whistleblower, while the other focused on ammunition purchases for the Afghan National Army.

Invincea’s Ward said he discovered the malware upon clicking on the articles from Drudge.

"We browsed to Free Beacon [from the Drudge Report] and got hit," Ward said.

"The Beacon is not a culprit," Ward said. "This happens to a number of prominent news sites. It’s an ongoing campaign."

In the Free Beacon’s case, malicious code was embedded deep into the website in code known as Javascript. Readers traveling to the site would not have been aware that their computers had been infected.

"It’s an unknown exploit so the user just goes to the website to get the news content and they don’t even know they’re infected," Ward said.

Popular virus blocking software has trouble detecting these types of attacks because the malicious code is unfamiliar and anonymous, Ward said.

The only way to remedy the problem is to perform a full cleanse of the infected website’s servers and put in place protective measures to prevent another infiltration.

Aaron Harison, president of the Center for American Freedom, of which the Free Beacon is a project, emphasized the shared characteristics of the sites targeted by the hackers.

"The common thread is politics," he told the Washington Business Journal Tuesday.

"Our first job is to protect our readers and today we failed," Harison said in a separate statement to the Free Beacon. "We want to assure our readers that they're now able to read the Beacon securely, and that we are taking every step to make sure this will not happen again."

Harison continued, "As the commander of U.S. Cyber Command has said, there are two types of websites today: Those that have been hacked and those that have been hacked but their administrators don't know it yet."