The twitter message posted by the hackers on the AP newsfeed
News organisations around the world have been warned by social networking site Twitter to tighten security in the wake of several high profile hacks including The Guardian and Associated Press.
The recent wave of attacks have come from a group calling itself the “Syrian Electronic Army”, where they have managed to gain access to the twitter accounts of news organisations and tweet false statements which are then broadcast to the world.
The attack on the Associated Press account read “Two explosions in the White House and Barack Obama is injured” caused a “flash crash” on the stock market, as the auto-trading algorithms picked up the tweet and began rapidly selling certain stocks immediately. The market quickly recovered, but the £88 billion wiped off the Dow Jones in a few seconds was enough of a warning signal that tweets from these news organisations can make a huge impact around the world, and the security of these accounts should be taken seriously.
Dow Jones “flash crash” after the hacked tweet from the AP
Security experts have said that Twitter needs to take more action to guard against these attacks, as they are becoming more frequent. Twitter, however, has asked news organisations to review their internal measures on digital and social media security, including adding the rather unworkable idea that organisations should only use one computer to access their twitter feeds, with that computer not used to read emails or surf the web to avoid malware infections.
Security professionals have called on Twitter to introduce two-factor authentication as implemented by GMail after the large-scale hacking attacks from China on accounts in 2011. Facebook uses two-factor authentication, which means that users need to add their password as well as perform another action to login, when users are accessing an account from a different country or in an unexpected way to help minimize the chances of accounts being compromised. Twitter is rumoured to be trialling such a login method, but they have not confirmed this.
Methods to protects accounts like these are useful, but many of the recent high profile hacks have been the result of targeted phishing attacks, where the hackers send emails to specific users in order to glean login information when they click links, or open attachments.
The Syrian Electronic Army, which appears to support the Assad regime, has vowed to continue its attacks on media organisations.
