Sophos Cloud Optix
Sick-minded hackers have broken into the Twitter account of NBC News and posted messages claiming that there has been a terrorist attack at Ground Zero in New York.
The bogus messages claimed that Flight 4782 has been hijacked and another plane crashed into the site where the Twin Towers collapsed ten years ago.
NBCNews’s Digital Officer Vivian Schiller tweeted confirming that their official account had been hacked, and asked followers not to retweet any of the offending messages:
In a subsequent message, Schiller confirmed that NBCNews was “working with Twitter to correct the problem and sincerely apologize for the scare that could have been caused by a such a reckless and irresponsible act.”
A group calling themselves the Script Kiddies have claimed responsibility for the hack. The same group previously hijacked and defaced Pfizer’s Facebook page and broke into the Fox News Politics Twitter account to post a bogus announcement about the death of Barack Obama.
Of course it’s very serious when such a popular Twitter account has its security breached. In theory, malicious hackers could have posted a link to malware or a phishing site – rather than what appears to be sick fake news headlines about a terrorist atrocity at such a sensitive time, with the 9/11 anniversary this weekend.
It’s unclear on this occasion whether NBCNews’s Twitter password was phished, whether it was cracked through a dictionary attack or spyware, or whether the persons who run the NBCNews account made the mistake of using the same password on multiple websites.
Computer users should always choose a hard-to-guess non-dictionary word as a Twitter password, and never use the same password on multiple websites.
Twitter appears to have now suspended the @NBCNews account, presumably to stop other users from retweeting the fake news and starting a scare.
Twitter should be applauded for taking such quick action, but isn’t it time that there was better security available to accounts which have a large number of followers, or who (like media organisations) may cause public panics if someone breaks in and starts tweeting false news stories about terrorist attacks?
Just a username/password combination isn’t enough when a social media account is an important part of your business or public image.
I, for one, would like to see Twitter and other social media sites offer an additional level of authentication for those who want to better defend their accounts. I fear that, unless that happens, we will continue to see high profile accounts hacked and brands damaged as hackers run rings around them.
Update: Christmas tree Trojan blamed for NBC News Twitter hack.
I hope they burn in hell
Eternal damnation seems like a little much. How about a nice paddling instead?
Sure, why not? How about with a nice board studded with spikes like they used to use in all those violent cartoons we used to watch as kids?
"Sick-minded"? You said yourself they could've done more damage with a malware/phishing link. What they wrote is called trolling. Welcome to the internet, Graham. U mad? 🙂
What they did was heartless. It's completely insensitive to the families of those who lost their lives ten years ago – they must be having a hard enough time of it right now, without seeing a legitimate news agency tweeting out news of similar attacks.
Of course, the news was fake (thank goodness). But imagine the panic the news could have caused.
This is the new age of the internet. This was a weak attempt anyway.
“This is the new age of the internet”
And that justifies it?
I saw this today, it looked fake from the moment I read it. No airline name, but yet flight numbers? Just the way it's worded sounds childish. I think a little kid could write a more realistic news-style tweet than the hacker did.
breaking into an business acct could they be charged legally with anything similar to industrial espionage laws as well as cyber hacking n homeland security violations i hope they throw the book at them insignificant twerps playing on the fears n emotions of the american people . then put a name to their sadistic crap script kiddies huh , nobody can hide forever u will someday get what u deserve
Notice the flight numbers changed from the first Tweet……
I think that's because the hackers were implying that there was a co-ordinated attack (like on 9/11). They said one plane had already crashed and another had been hijacked.
Lord knows what was going through the minds of the people who hacked the account..
I’m not one to call “fake” on everything, but I’d start googling before I’d panic over a news tweet with no link to the story.
Why doesn't twitter support for two factor auth for high value (verified) accounts? They don't even have proper support for shared accounts. Given how influential and important Twitter is as a broadcast medium, it's really scary and disappointing how Twitter has yet to take reasonable steps to safeguard their accounts.
Why did these guys hack the account? To take a shot at the US.
It was heartless. In no way do I condone or agree with their actions. It was a crime and should be prosecuted to the extent of the law, but stand back for one moment and think objectively.
The public stance of the US has change radically since WWII. Before then it was steadfastly isolationist. After the war it took the role of the world’s policeman, sometimes getting involved when perhaps different approaches would have been better.
I don’t want to politicize this, but when the then President of the USA swaggered into a press conference, explaining with a smirk that his gate is known as “walking” in Texas, thousands of his fellow countrymen cheered.
One theory suggests that a less arrogant, more conciliatory approach wins friends and changes hearts and minds far better than banging heads together. The latter approach does now seem to be hitting a nerve in the Obama administration: viz Libya and not wanting to take the lead in the actions ongoing there.
The US is war-weary, partly because they have lost thousands of sons and daughters for very little tangible gain, but also partly because many in that country are waking up to the reality of what the interventionist policies can result in if not deployed with careful thought.
So, how does this all fit together with script kiddies hijacking the Twitter account of a news agency?
Well, sometimes, if one wears big boots one must tread lightly – the grass has feelings to you know.
I agree with your sentiments but I doubt the people who did this thought anywhere near as much about those issues as you did. They are heartless trolls, not political activists.
I think it is very unprofessional for you to refer to the hackers as “sick-minded”, and to put so much personal opinion into your article whilst making those opinions sound like solid facts.
Personally I find it quite amusing that a country with a history of brutality, violence, illegal warfare, slavery, arms trading (with regimes like Gaddafi’s, Sadam’s and Osama’s) etc., run crying to mummy because somebody scared them a bit.
It’s a blog, hence, personal opinion is allowed.
I have no idea what you meant by your second paragraph, or it’s relevance to this article/issue.
It was ten years ago, get over it. 9/11 has been an excuse for just about everything that is wrong in the world. The USA and alies trashing and bashing… This bogus anniversary should is best remembered by forgetting about it. The inane tweet that the crackers posted is only of so much interest because people are disappointed that it was not real… come on, every one including the US government is expecting something to happen, almost willing it.
I hope nothing does happen like it again ever of course, too many good and ordinary innocent people perished, but how many others have paid the price for US vengeance… lock up the script kiddies, why? This attitude is exactly the reason that tens of thousands of normal everyday people round the world have been killed, maimed and tortured.
Once the authorities have established the IP address etc, send a cruise missile, that will sort them out, and its about as proportionate as invading Iraq was.
You folks sure have a nice day now.
I agree there should be the option of additional authentication, similar to a SecurID key, for some accounts. However the challenge will be in how people tweet and post to social media – many use several methods, such as twitter.com, HootSuite, and apps like Gravity all concurrently.
These would all need to have the authentication baked into it, and carrying around a fob to make sure it's you doing the posting. And of course they could charge for these.
As these services grow up, they need to act that way.
mp/m
Additional authentication achievement would be helpful. However, I think more should be done for cyber security legislation to put an end to cyber kiddies and their ilk. Remember what happens when bad false rumors are spread in the "Burning of Koran" rumor which caused Afghans to be inflamed and put additional risk on our troops!