Tuesday, April 23, 2013

Hacked AP Twitter Account Tweets 'Two Explosions in the White House' - Syrian Electronic Army Strikes Again

White House bombed - Olympus Has Fallen
This is did not really happen.
April 23, 2013 - "Breaking: Two Explosions in the White House and Barack Obama is Injured," said the ominous tweet from Associated Press's Twitter account.

The tweet was not true, however. AP's Twitter account (@AP) was hacked, and the culprits posted the bogus headline without AP's consent.

"Moments later," reports NBC News, "the @AP Twitter account — with nearly 2 million followers — was suspended. Immediately following the false tweet, the Dow Industrial Average lost about 140 points. These losses were immediately recovered."

Who did the hack job on AP? There is speculation now that it was the pro-Assad Syrian Electronic Army, according to the Quartz website.

AP's Mike Baker posted a screen shot (below), showing another hacked AP tweet that bragged, "Syrian Electronic Army Was Here."

The URL (web address) for the AP profile is (or was) twitter.com/ap. Attempting to go to that address, however, now takes you to twitter.com/account/suspended.

Twitter screen shot by @MikeBakerAP
More suspensions: Mike Baker tweeted at 2:58 PM ET this: "AP statement on hack: "Out of a sense of caution, we have suspended other AP Twitter feeds."  Baker included a link to the AP's blog, which says, "Earlier this afternoon the @AP Twitter account was hacked. Out of a sense of caution, we have suspended other AP Twitter feeds. We are working with Twitter to sort this out." AP says that despite the hacking of its Twitter account, "At no time was the AP news wire compromised."

NBC also reports that CBS News social media accounts for "60 Minutes" and "48 Hours" were hacked into on Saturday. There is no known connection between those events and today's hacking of AP's Twitter account. However, Foreign Policy reports that the SEA "defaced the homepages of Al Jazeera and Reuters last year, and more recently they've been targeting social media accounts in particular. Last month, for instance, they got into the BBC's weather feed. In the past week alone, they've hit NPR and 60 Minutes. They've also gone after non-media targets, including Human Rights Watch and Columbia University."

However, reports PC Magazine, "AP took to its Facebook page to say that 'the Associated Press Twitter account (@AP) has been hacked. Please do not respond to news posted there in the last 20 minutes'."

How do hackers compromise sites like AP, CBS News, and Twitter? "When hackers compromise a site with weak security," writes Quartz today, "they get their hands on huge databases of password and email address pairs. Then, when they want to attack a site with good security, like Twitter, they simply try out passwords gained in the previous attack. It works because the passwords are often the same across sites—i.e., humans are lazy."

Quartz also notes that "if Twitter wants to get serious about the astonishing amount of hacking that happens on the site, it really needs to implement another layer of security. Google has already, and so has Microsoft: It’s called two-factor authentication." Twitter's attempt just three days ago to deal with the SEA have not stopped them from continuing to hack Twitter account. On April 20, Twitter suspended the SEA account.