April 24, 2013
The Associated Press Twitter account was hacked yesterday and used to post a false report of explosions at the White House. The account was quickly suspended, but not before the news had been retweeted thousands of times, resulting in a temporary yet sharp drop in the Dow and news outfits clamoring to ascertain details. Although the account is active again, the news agency has nearly 2 million fewer followers, which Twitter explains could take up to 24 hours to repair.
“If the followers have indeed been wiped out, this would represent a serious blow for the AP,” suggests GigaOM. “Like other news organizations, the AP relies heavily on social media outlets to disseminate its stories, and an organization’s (or person’s) number of Twitter followers can stand as proxy for influence.”
The Syrian Electronic Army has claimed responsibility for the hack. AP reports that the compromise of its Twitter account followed phishing attempts on its corporate network.
“That reporters at the AP received an ‘impressively disguised’ phishing email speaks to the competence and determination of the attackers,” notes Quartz. “It’s not easy for overseas hackers who are not native speakers of the language used by their targets to write completely convincing emails… The AP reports that it had recently discovered that hackers had already installed malicious software on some computers, possibly via the same method (email phishing).”
“The hacking suggests two features that Twitter desperately needs: better security through two-factor authentication and an editorial function that allows account holders to post corrections to tweets that contain false information,” adds Forbes.
Twitter is reportedly testing a two-step security solution designed to prevent hackers from accessing accounts. “When logging in from a new location, it requires users to enter a password and a randomly generated code sent to a device, typically via a text message or smartphone application,” reports Wired. “In other words, accessing an account requires having two things: something you know (the password) and something you have (a previously registered device).”
Yesterday’s hack is the latest in a growing number of security breaches that have recently been discovered by Western media outlets.
“Given the increasing frequency of attacks, like today’s attack on the AP, or recent ones against the BBC and ‘60 Minutes,’ it seems like it would behoove the company to get something out now, even if imperfect, and iterate later,” recommends Wired. “That might mean launching with an SMS only solution, but even that would be better than the current system that relies on passwords alone. One interesting wrinkle with two-step and Twitter is that many of the accounts most prone to hacking have multiple, sometimes very many, users who use a variety of applications. Which means that any solution is likely going to have to support multiple devices, and multiple apps.”