AP Twitter hack looks like a security tipping point
Two-step identity verification and analysis of user trends could prevent future attacks, experts say
IDG News Service - Getting hacked on Twitter is fast becoming a rite of passage for big corporations, but Tuesday's attack on the Associated Press could be a tipping point and shows that social networks must do more to keep their users safe, security experts said.
Wider use of two-factor authentication, which can involve an access code being sent to a user on a second device such as a smartphone, is one possible solution. Such a mechanism could be introduced selectively, some experts said, for high profile accounts such as celebrities and large corporations.
"Twitter needs to get on board and make two-factor authentication available ... as fast as possible," said Andrew Storms, director of security operations at nCircle Security.
The AP's Twitter account was hacked Tuesday morning, resulting in a bogus tweet reporting that there were "two explosions in the White House and Barack Obama is injured." A group calling itself the Syrian Electronic Army claimed responsibility, via their own Twitter account.
The tweet was only visible for a matter of minutes, but the Dow Jones industrial average took a nose dive immediately after it was posted before recovering several minutes later. Unlike some previous hacking incidents, "this one had a real-world impact on the markets," noted Steve Brunetto , director of product management at EdgeWave, a social media and email security company.
The AP joins a list of companies that have recently been hacked on Twitter. Three CBS brands -- 60 Minutes, 48 Hours and a Denver news affiliate -- were hijacked this past weekend. The New York Times, The Wall Street Journal and The Washington Post have also been hacked in recent months. In February, Twitter announced the site itself had been breached.
The Twitter accounts of Burger King and the Jeep car company have also been compromised. After those incidents, Twitter urged users to be smarter with their passwords and in how they use the site.
Twitter has remained largely quiet following Tuesday's AP attack. "We don't comment on individual accounts for privacy and security reasons," a spokesman said. But now may be the perfect time for the social network to employ stronger safeguards to prevent future account breaches, some experts said.
"Twitter needs to move faster in stepping up its cybersecurity efforts," EdgeWave's Brunetto said.
Mark Risher, CEO at Impermium, an Internet security firm based in Redwood City, California, said he thinks Twitter already takes security seriously, but Tuesday's attack does "elevate" concerns, he said.
One strategy would be for Twitter to implement a two-step authentication system. In one common implementation, when users log into the site from their laptop, Twitter would send them a passcode to a second device, such as their mobile phone. They would then need to enter that code as well as their login and password to access the site.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!