Paradoxically, the SEA's attacks 'micro-hacks' against the Sunday Times and The Sun this week suggest that defences are improving

So often bitten in the past, website owners appear to be getting to grips with once-feared Syrian Electronic Army (SEA) after defacement attacks by the group on The Sunday Times and The Sun were repulsed in a matter of minutes this week.

If so, it’s an encouraging sign that media firms in particular have learned some of the lessons from a spate of successful compromises, including a data breach that hit Forbes in February. Let’s not speak to soon but after a long string of successes during a spectacular 2013, this year it's been slower going.

"Stop publishing fake reports and false articles about Syria. UK government is supporting the terrorists in Syria to destroy it, stop spreading its propaganda," read the message that appeared on the newspaper’s websites early on Wednesday morning.

That’s the bit we’ve become used to but what followed next took only minutes to unfold rather than the hours or even days as in the past; the publisher regained control of the sites in a reported 20 minutes, impressive given that the attack took place in the early hours.

The way in this time was reportedly through a third-part server but the newspaper appeared to have a recovery plan in place to cope with an attack, a ‘what-to-do list’ that gave it a way of reacting as fast as possible. Given the impossibility of defending against all website and social media hacks this is a good fall-back.

“Our website is currently being hacked by the Syrian Electronic Army. To keep reading the real story about Syria, buy The Sun tomorrow...,” The Sun was able to tweet.

The group’s modus remains pretty simple; steal credentials using phishing attacks (including, by the way, an attempted attack on an IDG title in recent weeks), by compromising online email and social media accounts and by targeting vulnerable third-party services.  

The SEA remains obsessed with Western media targets, presumably as a tactic to gain publicity from the people who normally generate it. Motivated by this strategy, the attacks won’t stop any time soon but at least they appear harder to pull off.