The Thomson Reuters hack became known late yesterday when a series of Tweets via its account pointed to pro-Assad cartoons. In a statement to the Wall Street Journal, Thomson Reuters explained, "Earlier today @thomsonreuters was hacked. In this time, unauthorized individuals have posted fabricated tweets of which Thomson Reuters is not the source. The account has been suspended and is currently under investigation."
The account has now been cleansed of the fraudulent tweets and has been reinstated. Meanwhile, Twitter suspended the Syrian Electronic Army account (@Official_SEA12) which – continuing the long-standing SEA/Twitter whack-a-mole saga – has (at the time of writing) reappeared as @Official_SEA14.
Companies that employ more than one account user are prime targets for SEA. Firstly the attack surface is greater than a single-user account, and secondly it makes use of Twitter's two-factor authentication virtually impossible. The same conditions probably prompted the attack on the White House staffers that became known over the weekend.
Three gmail accounts were compromised and used to send other White House accounts phishing emails designed to extract personal email and Twitter account credentials. According to Nextgov, about a dozen present and former staffers were targeted with link lures designed to look like BBC and CNN news stories.
The main target may well have been to take over the White House Twitter account in order to disseminate misleading information. When the Syrian Electronic Army hacked the AP account in April, a false announcement of an explosion in the White House and injury to the President momentarily wiped $136 billion of the DOW. The damage caused by a 'White House' announcement could be huge.
However, although it is against White House rules for staffers to use their personal emails for official business, it is unlikely that everyone would follow this rule precisely. The potential for gleaning inside information from personal emails would also be attractive. The attack "was ongoing as of Sunday night," reports Nextgov.
"Who knows how many accounts have actually been compromised so far," asks Jon French, a security analyst at AppRiver. "A crackdown in personal email usage and possibly some more user training may have avoided the phishing attack altogether. Situations like this should remind us that no one is safe from having online information stolen or compromised. Important targets such as White House staff could possibly offer more interesting results to hackers, making them prime resources to be targeted.”