Twitter tests two-factor authentication, AP accounts suspended following hack

24 Apr 2013

Image via Blazej Lyjak/Shutterstock

Yesterday, a fake tweet claiming there had been explosions in the White House and that US President Barack Obama had been injured was sent from the Associated Press (AP) Twitter account. In the wake of the news hack, the Dow Jones took a brief nosedive, all but one of AP’s accounts have been suspended and Twitter is upping its security measures.

The tweet sent yesterday from @AP (account currently suspended) said, “Breaking: Two Explosions in the White House and Barack Obama is injured.” Savvy followers quickly cottoned on to the false nature of the tweet, noting that there were no corroborating reports and that the format of the tweet was inconsistent with AP’s style.

Nonetheless, the tweet represents a major security breach for the trusted multinational news agency, whose material is frequently used by major newspapers and broadcasters worldwide. Following its publication, the Dow Jones industrial average sharply fell 143 points, though this dip was quickly recovered.

“Earlier this afternoon the @AP Twitter account was hacked. Out of a sense of caution, we have suspended other AP Twitter feeds. We are working with Twitter to sort this out,” said director of AP media relations Paul Colford, in a statement issued yesterday. It seems that all AP Twitter accounts except @AP_CorpComm are inactive for the time being.

Owing to the severity of the claims made in the tweet, the FBI is also said to be investigating the incident.

Syrian Electronic Army claims responsibility

Another tweet sent from @AP_Mobile yesterday stated, “Syrian Electronic Army Was Here” and the Syrian Electronic Army Twitter feed at @Official_SEA6 (also suspended) took credit for the hack, tweeting, “Ops! @AP get owned by Syrian Electronic Army! #SEA #Syria #ByeByeObama” along with a screenshot of the fake @AP tweet.

This pro-Assad hacking group has targeted a number of news organisations of late, apparently railing against what it believes to be fabricated news about what’s happening in Syria in the media. Reuters, BBC, NPR and CBS have all been targeted, with fake news stories and tweets being published to websites and Twitter accounts.

The BBC hack last month, which affected BBC Weather, Arabic and Ulster Twitter feeds, may have been related to a phishing email sent to staff. AP also confirmed yesterday that a phishing attempt preceded the hack.

Twitter needs more security

In response to this and other high-profile Twitter hacks in recent times, the microblogging network may be preparing to launch a two-step security solution. Wired reports that two-factor authentication is currently undergoing internal testing with a view to rolling it out gradually to all users as soon as possible.

This log-in process will require not only a password but also an additional code sent to a pre-registered device, usually via SMS to a mobile phone. This level of security would prevent hackers gaining access to accounts through phishing methods alone, as they will need the users’ device and the newly generated code also.

Hacker image via Blazej Lyjak/Shutterstock

Elaine Burke is the host of For Tech’s Sake, a co-production from Silicon Republic and The HeadStuff Podcast Network. She was previously the editor of Silicon Republic.

editorial@siliconrepublic.com