Establishing Digital Trust: Don't Sacrifice Security for Convenience
A pro-ISIL hacker group briefly took control of Newsweek's Twitter account for 14 minutes on the morning of Tuesday, February 10, 2015.
Tweets posted by the hackers included the statements, "Je suIS IS" and "#CyberCaliphate Bloody Valentine's Day #MichelleObama! We're watching you, you girls and your husband!"
White House press secretary John Earnest said the FBI is investigating the hack, according to Politico . "I don’t have any response to the claims that are made by these hackers," Earnest said. "I can tell you we’ve seen a number of high-profile incidents in recent months where media organizations and other important institutions have been compromised in some way, or at least their computer systems compromised in some way."
"I can tell you as a general matter it is a good reminder for Congress to act on the cybersecurity legislation the president put forward just last month," Earnest added. "There are some common-sense things we can do to better protect the American people and their data, and better respond to these incidents when they occur."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"We can confirm that Newsweek's Twitter account was hacked this morning, and have since regained control of the account," Newsweek managing editor Kira Bindrim said in a statement. "We apologize to our readers for anything offensive that might have been sent from our account during that period, and are working to strengthen our newsroom security measures going forward."
Rapid7 global security strategist Trey Ford told eSecurity Planet by email that corporate social media accounts like Newsweek's are a relatively easy target for hackers, since they're often run by more than one person, making it a challenge to implement additional security controls like two-factor authentication. "In addition, the people running the accounts may not be well-versed in security protocols and threats," he said.
What's more, Ford said, companies rarely view social media accounts as key assets, so user education on how to manage them is often patchy. "This is something that needs to be addressed," he said. "Anyone can be the victim of a well-crafted phishing scam, but by educating users, you can make them less likely to be susceptible to such tactics."
And Caspida CEO Muddu Sudhakar said by email that hacking social media accounts has become a quick and easy way for fringe groups to reach a large audience. "The type of attack we saw today sends the world a message of their cyber-superiority and is a direct component of cyberwar," he said.
"To block these hackers from using social media as their political pulpit, online services need to adopt new behavioral attack detection technologies, which continuously monitor accounts to detect and prevent malicious activities and bad guys from account hacking," Sudhakar added.