Twitter accounts belonging to The Guardian newspaper have fallen at the hands of hackers belonging to the Syrian Electronic Army.
The hackers have been making a habit of breaking into high profile Twitter accounts in recent weeks – their attack on AP’s Twitter account, where they posted fake news of an explosion at the White House, actually caused a drop in the Dow Jones.
In this most recent incident, unauthorised messages were posted from the newspaper’s @GuardianSustBiz and @BusinessDesk accounts earlier today:
Follow the Syrian Electronic Army... Follow the truth! @Official_SEA12 #SEA #Syria
Questions have been asked as to how the Syrian Electronic Army has managed to hijack accounts belonging to organisations such as the BBC, NPR, CBS and FIFA with apparent ease.
The suspicion is that the hackers have been targeting potential victims with phishing emails.
For instance, if the attackers were to send a convincing looking email to a news agency, claiming to be a link to a breaking news story, recipients might be fooled into clicking on it and being tricked into entering their Twitter account details.
With many media organisations allowing a wide range of staff to update their official Twitter accounts, it only takes one worker to be fooled by an attack for the account password to fall into the wrong hands.
The phishing theory certainly seems to be shared by James Ball, a journalist at The Guardian who tweeted about a phishing attack:
The guys doing the Guardian phishing attack I mentioned yesterday (it's SEA) are really very good: sustained, changing, mails today.
James Ball’s tweet was an update to an earlier message he had posted over the weekend:
Hm. Phishing attack specifically targeted at Guardian journalists in my inbox right now. SEA at work again?
According to some media reports, a total of 11 accounts belonging to The Guardian were hijacked – and although some have been recovered, others appear to either still be harbouring the unauthorised tweets or to have been suspended by Twitter security.
Hopefully, The Guardian will seize control back of all its accounts soon – and will join the growing band of organisations hoping that Twitter introduces stronger security for corporate accounts.
Make sure that the staff in your company are on the lookout for suspicious emails, and are clued-up about safe password usage to reduce the chances of being phished.
Seems obvious that Twitter needs to allow multiple logins for Twitter accounts. The login and account need to be separated. This will also allow account managers to keep track of who is tweeting what for these kinds of media/corporate/marketing accounts.
How hard can it be for a half-way intelligent user to not click on links in email from unknown sources? How hard can it be to hover the mouse over a link to see whether it is the same as shown on screen or shortened/obfuscated so that you can not verify it? How hard can it be to send a test email to the email address to verify it is a good one? How hard can it be for a user to keep Windows patches, reader client, Java client, antivirus, and other often-used software up-to-date with patches?
Regards,
“How hard can it be for a half-way intelligent user to not click on links in email from unknown sources?”
Impossible since in many cases, the email appears to come from a trusted source. Just because the “from” email address claims to be another_employee@guardian.co.uk doesn’t make it so.
Spoofing email addresses is trivial. Surprising that you weren’t already aware of that fact.
I assume you’ve seen bit.ly (and similar) addresses? Mouse-over is no help there.
I always use untiny.me for revealing bit.ly (and other such sites) links.
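A check for the two link tricks raised in the comments above (visible text that does not match the real href, and links routed through a URL shortener), written as an added example that is not from the article or its commenters; the sample HTML, the `.test` domain and the shortener list are constructed assumptions.

```python
# Added example: flag deceptive links in an HTML e-mail body.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative set of shortener hosts (bit.ly from the thread plus a few common ones);
# an assumption for this example, not an authoritative list.
SHORTENER_HOSTS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com"}

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    """Lower-cased hostname; tolerate bare hosts like 'www.example.com'."""
    p = urlparse(url if "://" in url else "http://" + url)
    return (p.hostname or "").lower()

def find_suspicious_links(html_body):
    """Return (reason, href, text) for links a reader could be misled by."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        href_host = _host(href)
        if href_host in SHORTENER_HOSTS:
            findings.append(("shortened", href, text))   # hover shows nothing useful
        elif "." in text and " " not in text and _host(text) != href_host:
            findings.append(("mismatch", href, text))    # text looks like another URL
    return findings

# Constructed sample resembling the breaking-news lure described in the article
SAMPLE = ('<p>Breaking: <a href="http://login.example-phish.test/twitter">'
          'http://www.guardian.co.uk/news</a></p>'
          '<p><a href="http://bit.ly/abc123">Read more</a></p>'
          '<p><a href="http://www.guardian.co.uk/">www.guardian.co.uk</a></p>')

if __name__ == "__main__":
    for reason, href, text in find_suspicious_links(SAMPLE):
        print(f"{reason}: '{text}' -> {href}")
```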
Companies need to realize that the social networking sites are just that… for social networking. The majority of users are not going to put up with using advanced security measures because to them, it is too complicated.
Should be 'Hopefully, The Guardian will seize control back' 🙂
Message to Bob "How hard can it be for a half-way intelligent user to not click on links in email from unknown sources? "
They’re not unknown sources; they send mail masquerading as legitimate users in the company/organization they target!!
As this “phenomenon” has been in the news recently, I would like to clarify that the people who are hacking those websites and Social NW accounts are in fact not Syrians (i.e., the Brutal Regime Syrian Thugs). Those thugs only publish their actions in the Arabic language and English, but I can assure you that they don’t have the expertise to perform such a job. There are Russian hackers, along with Iranians, not to mention self-employed experts from Europe (Germany and Italy mainly), working for the Syrian secret police and doing this job for them (all paid). I am Syrian and my uncle works for the ministry of communication, and he assured me of that, simply because he is the one who arranges the payments. He has to do that; otherwise, he and his family will disappear forever.
How do we know that the miscreant is actually the 'Syrian Electronic Army'? As it is so easy to spoof most things on so-called 'social websites', then it literally could be anyone claiming to be the SEA – or is that pun for the wide oceans intended?
Seems to me that all commercial operations should not have any presence on any 'social website' of any sort, as its name implies it was originally intended for social activities and exchanges of information. So if you don't have such a 'presence' then there is no Facebook/Twitter/Flickr/WHY account to be hacked.