Editor's Blog and Industry Comments

Easy Twitter hack results in financial shockwave

24 April, 2013
Commentary from TeleSign highlights vulnerability of high profile Twitter accounts and the effect they can have when hacked


The hack on the Associated Press was a trivial exploit using employee access credentials to gain access to the news agency's Twitter account to place a bogus tweet about an attack on the seat of the US Government. Being such an authoritative news source, the AP tweet was taken seriously and sent shock waves across America, which resulted in a brief dip in the country's stock markets that only recovered when it became clear this was a hoax.



Commenting on the hack, security expert Charles McColgan of TeleSign told us: “Twitter historically has not had the best reputation for security and with the hack of the AP’s Twitter account today it’s arguable that this compromise had the largest financial impact of any Twitter attack to date. Given that news feeds are incorporated into real-time trading systems, it’s also likely that the brief sell off that happened right after the posting could have been from automation built at brokerages who have linked their trading systems into news events.



Unfortunately the problem that Twitter has is common across the industry, but there is hope. Companies like Apple, Google and Microsoft are now starting to offer optional two-factor authentication into accounts since they have begun to fully embrace the fact that a user name and password simply aren’t sufficient to protect online accounts.



While the details are sparse, it appears that the exploit today was directed against employees of AP by a 3rd party instigating a “spear” phishing attack against them. Spear phishing is where high value individuals are targeted with phishing attacks in order to get information from them, get credentials from them, or fool them into installing software or exposing them to zero day exploits that will compromise the underlying systems. Once the attack is successful the attacker can take action with the information he has or wait in the background until the right time. Seems like the attackers today took action quickly; however, often the more effective attack can be where the attackers exploit the target and then wait for the most opportune moment.



Given what we know there isn’t one solution to the issue we saw today other than to emphasize to the internet community that security and security awareness need to be a top priority for everyone. Twitter needs to understand this and should follow the lead set by Google, Apple and Microsoft and they should very publicly increase the security offered to their customers.”

