Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

Hacktivists hacked Twitter account of Associated Press to post fake news

Recently hackers have intensified the number of attacks against corporate social media accounts, the Twitter account is most targeted ones due the high interest of businesses in this comfortable communication channel. Various the companies that have recently been hacked on Twitter including 60 Minutes, 48 Hours and a Denver news affiliate, The New York Times, […]

Hacktivists hacked Twitter account of Associated Press to post fake news

Recently hackers have intensified the number of attacks against corporate social media accounts, the Twitter account is most targeted ones due the high interest of businesses in this comfortable communication channel.

Various the companies that have recently been hacked on Twitter including 60 Minutes, 48 Hours and a Denver news affiliate, The New York Times, The Wall Street Journal, The Washington Post, Burger King and the Jeep car company … and the list is not ended.

Last Tuesday hackers compromised the Associated Press Twitter account and posted a fake news about two explosions at the White house and discussing the news that President Obama was injured.

AP_Account_hacked

The news has obviously sparked great dismay, especially for the emotional wave of recent attacks in the Boston Marathon, fortunately immediately came the denial, Twitter promptly suspended the account and Julie Pace, chief White House correspondent for the AP, announced that the news was not real and consequence of account hack.

But few minutes were enough to influence, even if temporarily, the indexes of the Dow Jones, we live in the digital age and this is proof of the power of information.

Who has hacked the account?

The Syrian Electronic Army claimed responsibility for the attack with the following message

”RT @official_sea6: Ops! @AP get owned by Syrian Electronic Army#SEA #Syria #ByeByeObama pic.twitter.com/uHbfbIOItr

The group is not new to this type of attacks, last year it hacked social media account of the news agency Al Arabia to spread bogus news on explosion in Qatar.

 

AP_Account_hacked2

 

How to hack a social media account?

There are various ways to compromise an account such as:

  • Hackers could steal credentials to the victims with a malware based attack or using social engineering techniques.
  • Hackers could find credentials for an account protected with a weak password.
  • Surfing on a compromised network.
  • Account manager could be victims of a spear phishing attack.
  • Entrusting credentials to a malicious third-party application or web service.

Of course the implementation of a strong authentication could solve the problem, that’s the way some of the principal web service provider, such as email providers, has started to implement it.  In this case the attackers need more that credential knowledge, typically he also needs to own a “token” that could be software or hardware to access to the services.

The recent incidents confirms Twitter needs a stronger authentication process, at least for big companies and most popular accounts.

I hope similar events do not recur again …

Pierluigi Paganini

(Security Affairs – Hacking)