Hacking crew makes a mockery of Twitter account security again
The Syrian Electronic Army, which has been busy hijacking western media organisations’ social media accounts in recent weeks, has claimed another scalp in the form of the Guardian.
The group, which supports President Bashar al-Assad of Syria, has already hit major organisations, including the BBC and AP, posting a tweet about explosions at the White House, which knocked 143 points off the Dow Jones and briefly wiped $130 billion (£83.8bn) off the value of stocks.
Syrian Electronic Army strikes again
This week the group has hacked various Twitter accounts of the Guardian, including @GuardianBooks, @GuardianTravel and @GuardianFilm, which are all currently suspended as the newspaper looks to recover from the attacks.
According to various Guardian journalists, more spear phishing attempts are flying in today, as the Syrian Electronic Army attempts to breach more accounts by sending emails with malicious links.
Tweets from a number of other compromised Guardian accounts, including @GuardianSustBiz and @BusinessDesk, promoted the Syrian Electronic Army.
“If the attackers were to send a convincing looking email to a news agency, claiming to be a link to a breaking news story, recipients might be fooled into clicking on it and being tricked into entering their Twitter account details,” said Sophos’ Graham Cluley, in a blog post.
“With many media organisations allowing a wide range of staff to update their official Twitter accounts, it only requires one worker to be fooled by an attack for the account password to fall into the wrong hands.”
The Syrian Electronic Army, which emerged in 2011, is believed to be sponsored by the Syrian government of President Bashar al-Assad. It has also hijacked social media accounts of America’s NPR and Fifa president Sepp Blatter.
Many are now hoping Twitter will introduce better security options for users – two-factor authentication in particular – given the high number of account hijacks taking place.
And Twitter has come in for criticism after issuing a “ridiculous” piece of security advice. The micro-blogging firm said news organisations should consider designating one computer for Twitter use, and should not use that machine for reading email or using the Internet.
Meanwhile, media organisations are being overwhelmed with spear phishing attempts. News International’s CISO recently told TechWeekEurope his organisation was being bombarded by malicious emails every day.