6 minutes on Twitter

05/02/2013
G DATA Blog

Twitter has become an important source of information. When its access data was stolen, the Twitter identity of news agency Associated Press was misused to distribute targeted misinformation concerning an assassination attempt. It's incredible how quickly such an incident can affect even the stock market.

The example given of the hacked Twitter account belonging to news agency Associated Press (in short AP) is a striking example of how the targeted distribution of misinformation can cause even financial damage. Attackers have long appreciated worldwide virtual platforms and worked out how they can be used in various ways to do harm. The combination of modern mobile devices and even static PCs with the speed at which information can be spread by them plays straight into their hands.
 

In the recently confirmed hack of the Twitter account belonging to Associated Press (in short AP), attackers were able to distribute a message concerning an alleged attack on the White House in which the US president was allegedly injured. According to information from CNN, the tweet was sent at 13:07 US Eastern Time, or 19:07 CET, on April 23rd, and was retweeted by almost 1,500 people in practically no time. The penetration at the third level was enormous, and even though the official AP corporate Twitter account released a response to the Twitter community just six minutes later, the original message could no longer be contained.
 

Financial damage?!

Despite the swift response from official sites, the incredibly fast distribution of the misinformation about the attack still caused the Dow Jones index to fall by almost 150 points.

Many Associated Press Twitter accounts (@AP, @AP_Country, @AP_Fashion, @AP_Images, @AP_Mobile, @AP_NFL and @AP_Travel) could not be accessed temporarily. https://twitter.com/AP_CorpComm was and remains accessible and reported the incident on the official AP site.

According to official statements from AP, penetration of the Twitter account was probably made possible by phishing attacks on the AP corporate network. It is also reported that the "Syrian Electronic Army" is claiming responsibility for the attack. They are now working closely with Twitter to explain this occurrence, announced Paul Colford, Director AP Media Relations, and the FBI has also initiated investigations.
 

Possible consequences

This is just one example of the power of social networks. It can now be imagined that copycats will pick up on the commotion surrounding this situation and use it for email spam campaigns and black hat SEO campaigns on the subject that was broadcast. Because of the current popularity of the subject, they can expect multiple potential victims being lured to manipulated websites, as was the case recently with the Boston Marathon spam campaign. This behaviour by the attackers is nothing new, yet it continues to be the cause of damages and consequential damages.
 

Twitter arms itself against attacks

The tech magazine Wired reports that Twitter is currently testing a two-factor authentication solution internally and hopes to be able to roll this out to users very soon. Following the current example of unauthorised access to a user account, the importance of such protective measures has increased once more, particularly as AP is not the first prominent victim of Twitter hijacking.
 

Effective protection

  • Use strong passwords for your user accounts. There are tips for secure passwords in the Tips & Tricks section of the G Data SecurityLabs website. Do not use one password for multiple user accounts at the same time.
  • Passwords should be regularly changed, especially with corporate user accounts that may be maintained by multiple individuals.
  • If a service offers you the use of multi-factor authentication, take advantage of this where possible to introduce an additional security precaution against attacks.
  • Never click on links or file attachments in emails and social networks without pausing to think first. The files/websites may be contaminated with malware or try to lure you into a phishing trap. If a message from a friend or institution seems strange, users should first check if it is authentic.
  • Before clicking on short URLs, use a service that shows you what the real URL underlying it is.

 

**** UPDATE, 24/04/2013, 15:13 CET ****

Since 14:46 CET the official @AP Twitter account is back online and reporting on global events as normal: https://twitter.com/AP/status/327040875660201986

 

**** UPDATE, 25/04/2013, 09:30 CET ****

As mentioned above, the subject of Twitter hacks and the alleged assassination attempt may be picked up on by copycats. Attackers might put fake news sites online or distribute fake password security tests with increased regularity once more.

Briton Alastair Coote (https://twitter.com/_alastair) has come up with one (fortunately!) humorous exploitation of this affair, impressively imitating a falsification of a falsification. On April 23rd he registered a domain with the name ismytwitterpasswordsecure.com, put a very simple website there and asked visitors the provocative question "Is my Twitter password secure?". He provided a login window to try it out and enable people to answer this question for themselves. The small font text should enable you to guess that this website is not what it appears to be.


After entering the first character or number in this input field, the text on the page changes, revealing its true purpose to anyone thinking of entering real data there!


The website has nothing whatsoever to do with Twitter.com. With this simple but impressive example Coote is trying to show visitors how important attentiveness is in such a situation.

Some AV providers and Microsoft systems block this fake fake website and categorise it as questionable. Although the site does not deliver any malware and can basically be visited without a problem, we can certainly understand the warnings in a way because it actually looks like a real fake website ;-)