Last week the Twitter account of the Associated Press was hacked, apparently for the sole purpose of sending out false messages to AP’s followers. The group responsible for the attack is known as the Syrian Electronic Army, which is a group of Syrians who are fiercely loyal to the President of Syria. This group uses these tactics to send orchestrated attacks against news agencies that they feel portray their President in a negative manner. The false message they tweeted regarded an attack at the White House in which President Obama was injured in an explosion. The brief panic that ensued was felt as far away as the New York Stock Exchange where stocks took a sharp dive, only to recover later when the tweet was confirmed as false.

The danger of these tweets is that they often contain a link which a reader can click to read more information about the incident tweeted. These links often lead to a website that installs malicious Malware onto the victim’s computer. In a tweet with as significant news as an explosion injuring the President appears, millions will click the link to read more. In this particular case, there was no link, but the SEA is known for creating these malware rich sites.

After the hack was completed and later discovered, the SEA bragged about their accomplishment to the AP Twitter page. SEA has been known to hack into social media accounts for many sites outside of Twitter, including Facebook as well. Apparently, the hack was the result of a spear-phishing attack. In this type of attack, someone at AP received an email that was crafted make it look like it was from a friend or a co-worker. The spear-phishing type of attack focuses efforts in a specific company or agency. So, there is a need to take care for all these things.

You can follow any responses to this entry through the RSS 2.0 feed.