The Associated Press’ primary Twitter account was hacked today, allegedly by a group called the Syrian Electronic Army. This is the same group that took responsibility for the 60 Minutes and 48 Hours account takeovers.
Once again, the Syrian Electronic Army has managed to take over the Twitter feed of a highly respected news agency, the Associated Press. As you can see in the screenshots above, the hackers used the hacked AP Twitter account to falsely report that there had been two explosions in the White House and that President Obama was injured. Note: Both reports are false.
Hijacking high-profile Twitter accounts and using them for nefarious purposes is nothing new. But causing the stock markets, oil and gold prices to plunge in response is a new, critically significant development.
Are we living in an age where 140 characters are so powerful that they can send the Dow Jones down by more than 100 points? Yes, we are.
That is the undeniable power of digital reputation. The Associated Press has a strong, well-respected reputation online and off. The Syrian Electronic Army hijacked that reputation and used it to manipulate financial markets (however briefly).
Immediate Steps that Associated Press, Twitter Must Take
Twitter has been the focus of so many attacks that it makes you wonder when they will begin to take the basic steps necessary to prevent account takeovers like those of the AP, 60 Minutes and NPR:
- Twitter should immediately implement Two-Factor Authentication, which requires both a password and a texted passcode in order to get into an account. This makes it much harder to hack high-profile handles.
- Both Twitter and the AP should champion a User Education Process that trains their users/readers on how to best detect phishing emails (which is how most of these accounts have been taken over). See the painfully simple video below that gives an example of how to educate users about what a phishing attack looks like.
- Again, both entities should give their users guidance on how to create long, strong, site-specific and frequently varied passwords to lower the relative hackability of their accounts.
In previous weeks, NPR and CBS both had their online presence temporarily hijacked by the SEA. The group did get its own Twitter account suspended in the process, though new ones have been springing up in response.
Unlike some similar attacks by other groups, the SEA is very public about its involvement, often leaving messages like “Syrian Electronic Army was here.” The official “60 Minutes” and “48 Hours” accounts were among those compromised and made to display pro-Syria tweets bashing the U.S. Although control of the CBS feeds was eventually wrested back, they have been officially suspended in response.
This hack is a wake-up call: the more people you reach and the greater your circle of influence, the more appetizing it is for politically motivated groups to take control of your social media accounts and use them to move markets.
John Sileo is CEO of The Sileo Group and speaks around the world on social media privacy, identity theft prevention and reputation protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.