Guardian Twitter accounts hacked by the Syrian Electronic Army

Filed Under: Featured, Twitter

Bird. Image from ShutterstockTwitter accounts belonging to The Guardian newspaper have fallen at the hands of hackers belonging to the Syrian Electronic Army.

The hackers have been making a habit of breaking into high profile Twitter accounts in recent weeks - their attack on AP's Twitter account where they posted fake news of an explosion at the White House, actually managed to cause a drop in the Dow Jones.

In this most recent incident, unauthorised messages were posted from the newspaper's @GuardianSustBiz and @BusinessDesk accounts earlier today:

Tweet

Follow the Syrian Electronic Army... Follow the truth! @Official_SEA12 #SEA #Syria

Tweet

Questions have been asked as to how the Syrian Electronic Army has managed to hijack accounts belonging to organisations such as the BBC, NPR, CBS and FIFA with apparent ease.

The suspicion is that the hackers have been targeting potential victims with phishing emails.

For instance, if the attackers were to send a convincing looking email to a news agency, claiming to be a link to a breaking news story, recipients might be fooled into clicking on it and being tricked into entering their Twitter account details.

With many media organisations allowing a wide range of staff to updatet their official Twitter accounts, it only requires one worker to be fooled by an attack for the account password to fall into the wrong hands.

The phishing theory certainly seems to be shared by James Ball, a journalist at The Guardian who tweeted about a phishing attack:

james-ball-tweet

The guys doing the Guardian phishing attack I mentioned yesterday (it's SEA) are really very good: sustained, changing, mails today.

James Ball's tweet was an update to an earlier message he had posted over the weekend:

Hm. Phishing attack specifically targeted at Guardian journalists in my inbox right now. SEA at work again?

According to some media reports, a total of 11 accounts belonging to The Guardian were hijacked - and although some have been recovered, others appear to either still be harbouring the unauthorised tweets or to have been suspended by Twitter security.

Hopefully, The Guardian will seize control back of all its accounts soon - and will join the growing band of organisations hoping that Twitter introduces stronger security for corporate accounts.

Make sure that the staff in your company are on the lookout for suspicious emails, and are clued-up about safe password usage to reduce the chances of being phished.

Image of Bird courtesy of Shutterstock.

, , ,

You might like

10 Responses to Guardian Twitter accounts hacked by the Syrian Electronic Army

  1. BlackJackShellac · 354 days ago

    Seems obvious that twitter needs to allow multiple logins for twitter accounts. The login and account need to be separated. This will also allow account managers to keep track of who is tweeting what for these kinds of media/corporate/marketting accounts.

  2. Bob · 353 days ago

    How hard can it be for a half-way intelligent user to not click on links in email from unknown sources? How hard can it be to hover the mouse over a link to see whether it is the same as shown on screen or shortened/obfuscated so that you can not verify it? How hard can it be to send a test email to the email address to verify it is a good one? How hard can it be for a user to keep Windows patches, reader client, Java client, antivirus, and other often-used software up-to-date with patches?

    Regards,

    • James Blunt · 353 days ago

      "How hard can it be for a half-way intelligent user to not click on links in email from unknown sources?"

      Impossible since in many cases, the email appears to come from a trusted source. Just because the "from" email address claims to be another_employee@guardian.co.uk doesn't make it so.
      Spoofing email addresses is trivial. Surprising that you weren't already aware of that fact.

    • Adam · 351 days ago

      I assume you've seen bit.ly (and similar) addresses? Mouse-over is no help there.

      • Caine · 351 days ago

        I always use untiny.me for revealing bit.ly (and other such sites) links.

  3. DOlson · 353 days ago

    Companies need to realize that the social networking sites are just that... for social networking. The majority of users are not going to put up with using advanced security measures because to them, it is too complicated.

  4. Martin · 353 days ago

    Should be 'Hopefully, The Guardian will seize control back' :)

  5. bob · 353 days ago

    Message to Bob "How hard can it be for a half-way intelligent user to not click on links in email from unknown sources? "
    There not unknown sources they send mail masquerading as legitimate users in company /organization they target!!

  6. Syrian Revolution · 353 days ago

    As this "phenomenon" has been in the news recently, I would like to clarify that the people who are hacking those websites and Social NW accounts are in fact not Syrians (i.e, the Brutal Regime Syrian Thugs). Those thugs only publish their action in Arabic Language and English but I can assure you that they don't have the expertise to perform such job. There are Russian hackers along with Iranians, not to mention self-employed experts from Europe (Germany and Italy mainly) are working for the Syrian secret police and they are doing this job for them (all paid). I am Syrian and my uncle works for the ministry of communication and he assured me that, simply because he is the one who arranges the payments. he has to do that, otherwise, him and his family will disappear forever.

  7. MikeP_UK · 352 days ago

    How do we know that the miscreant is actually the 'Syrian Electronic Army'? As it is so easy to spoof most things on so-called 'social websites' then it literaly could be anyone claiming to be the SEA - or is that pun for the wide oceans intended?
    Seems to me that all commercial operations should not have any presence on any 'social website' of any sort, as its name implies it was originally intended for social activities and exchanges of information. So if you don't have such a 'presence' then there is no Facebook/Twitter/Flickr/WHY account to be hacked.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.