The cyber-attack that affected a number of sites, including the Independent, the Evening Standard and Italy's La Repubblica, is the latest hack by the cyber-wing of embattled Syrian president Bashar al-Assad, the Syrian Electronic Army (SEA).
Security experts seem to agree that the hack came through a fault with Gigya content delivery network (CDN) which caused a blank screen with a popup saying "you have been hacked by the Syrian Electronic Army" to appear instead of the webpage.
The state-sponsored group has attacked several news sites in the past three years, including The New York Times, the Guardian and more recently the Sun and the Sunday Times.
The purpose of the hacking group is to counter what they perceive as propaganda and "fabricated news" against Assad by Arab and Western media.
The SEA, who has launched several spamming campaigns and DoS (denial of service) attacks on individuals and organisations hostile to the Syrian government, describes itself as a "group of enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria".
Helmi Noman, Citizen Lab senior researcher at Toronto University, who has documented the activities of SEA since 2011, reported that Syria has become "the first Arab country to have a public Internet Army hosted on its national networks to openly launch cyber attacks on its enemies".
In a televised speech in 2011, Assad publicly praised the SEA describing it as an "electronic army, which has been a real army in virtual reality".
The group's first attack took place against Harvard University website, with the defaced domain showing a picture of Assad featured the message: "SyRiAn ELeCTronic ArMy WeRe HeRE".
Among its main targets is the government of Qatar, which has supported and funded the Syrian opposition since the start of the unrest in the country. Qatari-backed al-Jazeera TV was one of the first media organisation to be hacked by the army.
Last year, the group became increasingly active against Western media, launching attacks on high-profile targets such as Sky News, the Financial Times, the Guardian, the BBC and culminating with a hack of the AP Twitter feed which saw $140bn wiped off the S&P 500 index for a brief period.
The primary method employed by the group is phishing, which involves sending targeted emails to employees of the media outlets the SEA are targeting. If just one employee clicks on a malicious link in the email, or downloads a malicious attachment, malware can be installed on the PC and could give SEA members access to the entire system, or at the very least passwords for Twitter, Facebook and other social media accounts.
That has been confirmed by AP, after its massive attack. AP reporter Mike Baker tweeted:
The SEA seems to focus on public targets to promote its cause and spread pro-Assad propaganda. Arguably, one of its main successes was the hack on the BBC Weather twitter account.
Tweets like "Tsunami alert for Haifa: Residents are advised to return to Poland", "Chaotic weather forecast for Lebanon as the government decides to distance itself from the Milky Way and "Long Live Syria Al-Assad #SEA" went viral on the social networking site, startling many users.
Various reports put the members of the group in Syria, Dubai, Turkey and Iran.
The group has intensified its attacks on Israeli websites "based on claims that some of these sites contain content that is antagonistic to Syria and Palestine, and also supposedly as revenge on Facebook for continually disabling the SEA's pages" Noman wrote.