Cyber-attackers compromised systems at the Associated Press, gaining access to two Twitter accounts from which they falsely reported on April 23 that explosions had rocked the White House and President Barack Obama had been injured.
The fake reports caused a short-lived panic on Wall Street, and markets dropped more than 1 percent but quickly recovered. The Associated Press, a news coalition that delivers content to thousands of newspapers and Web sites, acknowledged the attack in its own news article on the incident, saying the attack had been preceded by a phishing campaign.
“The false tweet said there had been two explosions at the White House and that President Barack Obama was injured,” the Associated Press stated. “The attack on AP’s Twitter account and the AP Mobile Twitter account was preceded by phishing attempts on AP’s corporate network.”
Pro-Syrian-government hackers claimed responsibility for compromising the accounts and sending the tweet, according to media reports. The preceding day, the same pro-Assad hackers had taken over the accounts of two CBS programs, “60 Minutes” and “48 Hours.”
The April 23 tweet stated, “Breaking: Two Explosions in the White House and Barack Obama is injured.”
The Associated Press’ White House correspondent, Julie Pace, quickly responded with a correction through her own account. “The @AP Twitter account has been suspended after it was hacked,” she posted on her Twitter page. “The tweet about an attack on the White House was false.”
Twitter accounts are a popular target of hackers, who use them to publish prank messages or political attacks. In February, for example, hackers with an apparent connection with Anonymous hacked Burger King’s Twitter account, rebranded it as McDonald’s, and posted several prank statements. Also in February, Twitter unilaterally reset passwords for 250,000 accounts, following a compromise through which hackers gained access to limited user information.
Security experts called for Twitter to offer two-factor authentication procedures that could protect high-profile companies and celebrities from such attacks.
“There is a little bit of blame to go around here—not just the AP, but Twitter as well,” Tony Busseri, CEO of identity-management provider Route1, told eWEEK. “We are not doing enough around knowing who a person is before we give them access to digital resources.”
Because the Twitter account hijack happened after the Associated Press had been targeted with a phishing campaign suggests that the attackers have a deeper level of access into the AP’s network than just through social media, Rick Westmoreland, a security analyst with cloud-security provider SilverSky, said in a statement sent to eWEEK.
“The Twitter account is the tip of the iceberg and a sign that a much larger compromise of the company is possible (or) probable,” he stated.