- - Wednesday, June 12, 2013

The Washington Free Beacon yesterday became the latest victim in a wave of cyber attacks targeting conservative news outlets.

The Beacon, in what appears to be a coordinated assault, joined National Journal and radio station WTOP as a target after certain articles were featured on the Drudge Report, one of the most heavily trafficked and influential sites in the world.

The Drudge Report itself has not been infiltrated.

“There seems to be this concerted effort by this cyber criminal to take over news sites,” said Steve Ward, vice president of Invincea, the Internet security company that first identified the Free Beacon breach. He added that these particular attacks appear to have been perpetrated by criminals rather than by state actors such as China.

It is common for cyber criminals to target “communities of interest,” Ward said. “The goal is to catch in their web as many people as possible.”

“I think what’s happening is the bad guys are looking at Drudge as a great news aggregator and looking at some of the downstream news sites,” Ward said in an interview. “It’s easier to hit these sites.”

The Free Beacon was compromised on Monday when unidentified malicious code was embedded into two Free Beacon articles that had been featured on Drudge. Invincea, which sells unique Internet protection tools, reported on Monday that the Free Beacon was “redirecting user traffic to malware” that was infecting readers’ computers without their knowledge.

WFB staff took action, and by noon on Tuesday, June 11, had isolated and eliminated the threat. The site is now safe to browse.

One infected article focused on the NSA whistleblower, while the other focused on ammunition purchases for the Afghan National Army.

Invincea’s Ward said he discovered the malware upon clicking on the articles from Drudge.

“We browsed to Free Beacon [from the Drudge Report] and got hit,” Ward said.

“The Beacon is not a culprit,” Ward said. “This happens to a number of prominent news sites. It’s an ongoing campaign.”

In the Free Beacon’s case, malicious code was embedded deep into the website in code known as Javascript. Readers traveling to the site would not have been aware that their computers had been infected.

“It’s an unknown exploit so the user just goes to the website to get the news content and they don’t even know they’re infected,” Ward said.

Popular virus blocking software has trouble detecting these types of attacks because the malicious code is unfamiliar and anonymous, Ward said.

Story Continues →