Share

Top 5 Stories

News

CBS News confirms hack of Twitter feeds

23 April 2013

The Twitter accounts for CBS News’ "60 Minutes" and "48 Hours" were hijacked over the weekend by the pro-regime Syrian Electronic Army, and used to push out messages “reporting” terrorist activity on the part of the US government. In response, Twitter has suspended the SEA’s account – or at least is trying to.

A prime sample of the weekend hack is this tweet: “Exclusive: Terror is striking the #USA and #Obama is Shamelessly in Bed with Al-Qaeda.” Another read, “New Evidence of CIA Arming Al Qaeda Terrorists in #Syria.” Aside from pushing out the fake news, the tweets also included links, which AllThingsD reported were believed to lead to malware-carrying web pages.

CBS was quick to denounce the phony feeds from its uncompromised @CBSnews account: "We have experienced problems on Twitter accounts of #60Minutes & @48Hours; We apologize for the inconvenience; Twitter is resolving issues.” The offending tweets have been taken down.

The Syrian Electronic Army, cyber-supporters of Syrian President Bashar Assad – is making news hacks its go-to M.O. Last week it compromised feeds from National Public Radio, while last month it commandeered the BBC's weather service, of all things. In the past, Reuters and Al-Jazeera have been victims.

Sophos Security’s Graham Cluley noted that Twitter is now playing what he terms “Whack-a-Mole” with the SEA as it tries to shut down the group’s account. The @Official_SEA has now been suspended, but the SEA just created a new account, called @SyrianCyberArmy.

“And when that one was shut down, they created yet-another-Twitter-account - @SEA_Official3,” Cluley said. “Guess what? Yep, that one has been shut down too. And, as certain as night follows day, the SEA responded by creating @Official_SEA5. You can probably guess what happens next in this story. That's right, @Official_SEA5 was suspended by Twitter. Not that that has stopped the hackers, of course.”

While Twitter does not yet have two-factor authentication, these kinds of hacks do point out the critical necessity to adopt more stringent login procedures whenever possible.

“Other organizations who are worried about their own accounts being hacked might want to consider more secure password policies and the possibility of turning on two factor authentication,” Cluley said.

This article is featured in:
Application Security  •  Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×