It’s hard to believe that giant, oft-trusted media outlets would fall prey to a scam like phishing, but it happened on Tuesday when the Associated Press’ Twitter account was hacked.
Hackers sent out a tweet that read: “Breaking: Two explosions in the White House and Barack Obama is injured.”
In the two minutes following the tweet, the stock market plummeted and over $200 billion disappeared from trading.
Word of the security breach spread just as quickly, and the market rebounded in the seven minutes following the tweet.
“I suspect it was what we call spear-phishing,” Kevin Mitnick told Seattle’s Morning News. He’s a computer security consultant as well as an author, convicted criminal, and hacker.
“Even though you wouldn’t think a lot of people would fall for this stuff, they actually do,” said Mitnick.
When someone is spear-phished, they receive an email from a sender purporting to be Twitter, Facebook, a bank, etc., claiming that it needs personal information, often the recipient’s password, to verify the account.
Companies hire Mitnick to do security testing, and the testers sometimes use a technique called “social engineering,” meaning they manipulate, deceive and influence an employee into complying with their request. When they combine that technique with a spear-phishing attack, they have a 100 percent hacking success rate.
Jeffrey Carr, CEO of Seattle-based cyber security boutique Taia Global, said that spear-phishing is especially easy on Twitter.
But he said the group claiming responsibility for the attack isn’t going to stop any time soon.
“This particular group appears to be a group of volunteers of Syrian youth that are fighting western and Arab media in the ongoing conflict in Syria,” said Carr. “The motive is just to create havoc and chaos among major western media accounts and also Al Jazeera and other Arabic media.”
The group is known as the Syrian Electronic Army. Its claim couldn’t be corroborated. The FBI has opened an investigation into the incident, spokeswoman Jenny Shearer said.
“It’s very worrisome in terms of the potential for harm and chaos that could be done by a compromised Twitter account of a news site or an official person,” said Carr. “The world has really become a much more dangerous place because of the global interconnectivity of everyone.”
The Associated Press contributed to this report.