I’m a bit of a night owl, so last Thursday night I was awake and watching one of the cable news channels when the shooting of an MIT police officer broke. Because the news channel did little more than share the story before going back to its regular programming, I did what millions of others did that night: I went to Twitter and was mesmerized over what unfolded in real life and over social media that night.
Twitter proved itself to be an amazing reporting tool on what was a fast-paced, constantly changing news night. I’m not saying it was accurate all the time, but there were a number of eyewitnesses sharing details. Television struggled to keep up.
But Twitter is also vulnerable to hacks, and this leads to misinformation being reported, as we saw on Tuesday. There were two reports of Twitter hacks in the news. One was the reported hack of a former Alabama football player, days before the NFL draft. It appeared that the young man sent out a Twitter message saying that he was paid to play college football – a very serious violation. The young man quickly claimed he was hacked, and others familiar with the story also say it appears that the account was hacked.
A second, much more serious, Twitter hack involved The Associated Press. Through the AP account, a false tweet was sent, reporting an explosion at the White House and injuries to President Obama. Sean Bodmer, chief research for CounterTack, told me in an email that the AP Twitter hack was performed by a Syrian hacker cell – most likely responding to an earlier publication in March that the Syrian president had been shot by his bodyguard. Bodmer added:
I would wager this was meant to harm our International platform and partners as I am sure similar events occurred in March the Syrian President had to respond and recover from. Social Engineering has been in use for decades and there are numerous effects, just like the Dow Jones dropping this afternoon in the wake of the AP Tweet. There were also numerous calls across the world attempting to verify and validate the AP (a trusted group) story. Moreover, this took away from U.S. action items for the day to respond to the flood of requests.
The attack appears to have happened through a phishing scam, according to Rick Westmoreland, level III security analyst for SilverSky, and malware was also found in several AP computers. Westmoreland told me:
The fact that the Twitter account was hacked, likely through exploitation of internal machines, indicates that it isn’t just the Twitter account that was exposed. Any other internal accounts that have been accessed on that machine are likely compromised as well, and depending on the kind of access allowed, this could affect other social media accounts as well as internal resources. The Twitter account is the tip of the iceberg and a sign that a much larger compromise of the company is possible/probable.
For all of the upsides of Twitter, recent news shows the downside of social media, and Twitter in particular – how it can be used to spread false and dangerous information, how it can be the source of malware, and how easily it can be hacked into. Does your company have policies in place to keep Twitter a useful tool rather than a tool that can do a lot of damage to your network and company reputation?