(Entertainment-NewsWire.com, August 19, 2012 ) San Francisco, CA -- As of August 16, 2012 Reuters has been hacked twice in two weeks. This most recent hacking involved the hackers posting a false article reporting the death of Saudi Arabian foreign minister. The false news story was posted on the blog of a Reuters journalist, and although it was removed immediately the entire domain (blogs.reuters.com) was offline for most of the day during August 15 2012. As of Thursday August 16 2012, the site has been changed to a temporary placeholder page stating that blogs.reuters.com is having ‘technical issues’
Reuters states that the blogging platform was hacked on Tuesday August 14 2012. Reuters spokespeople stated that the false article was not reported by Reuters and that the fabricated story had been removed.
There have been no details provided about the hacking by Reuters, but the fact that they were running an outdated version of WordPress blogging software may go a long way towards explaining why the hacking happened.
Both attacks are quite similar in nature; the first attack falsely reported a story about the Syrian rebel army withdrawing from Aleppo. Aleppo is Syria’s largest city and a key battleground in the conflict between pro-government and anti-government forces. Shortly after the first attack, the Wall Street Journal said that Reuters had been running an outdated version of WordPress blogging software. The version that Reuters was using (version 3.1.1) had at least 20 reported weaknesses and vulnerabilities; the last time that version 3.1.1 was patched was over a year ago and version 3.4.1 is the most recent version of the software.
Marcus Carey from Rapid 7 says that WordPress is often a target of hackers and other attackers. The wide usage of the software makes it a tempting target for exploit developers, and gives them a lot of bang for their bucks.
The Reuters platform was taken offline for a little more than a day after the first attack. Once the sites were restored, Security Watch checked the HTML source code. They found a line in the header code that confirmed the platform being used was version 3.1.1. One of the lead developers at WordPress confirmed that Reuters was indeed using a dated version of the software. He downplayed the severity by stating that Reuters hadn’t be compromised again since the first attack.
Even after the second attack, that same lead developer (Mark Jaquith) stated that there’s no way to tell if the outdated blogging software is the culprit, unless Reuters is willing to share what they’ve learned about the security breaches. Jaquith says that its equally as likely that the hackers got onto the server through some other way, and once in, went looking for the WordPress platform.
Reuters isn’t saying what happened one way or the other, but it’s probably not good practice to be running blogging software that is several versions out of date. Marcus Carey says that WordPress and its plugins are clearly the targets of many hackers and other attackers.
Whatever version is being run, attacks on the platform are not that unusual. In the last year, many WordPress blogs have been hacked with the Black Hole exploit kit. The Black Hole exploit kit serves up malware to your unsuspecting visitors.
Carey feels that the blame shouldn’t be laid at WordPress’s feet, because the major issue is that site administrators and owners are simply not upgrading their blogs to the latest version of the software.
We’re keeping a watchful eye out for the return of blogs.reuters.com, and wondering if when they return this time they will finally be running version 3.4.1.
