Twitter hacks have become increasingly common, and several high-profile hoaxes raise serious questions about Internet security.
On Friday the Twitter accounts of two prominent news organizations, the New York Post and UPI, were hacked and hoax news items were sent out. We can happily assure anyone who saw the messages that NO, World War III has not started. The USS George Washington was not attacked by Chinese naval forces and did not respond in kind.
Oh, and you may also be interested in knowing that the Federal Reserve is not planning negative interest rates. While paying people to borrow money might not be as disturbing as war with China, it could disrupt the markets a bit. The hoax messages were on the public account for at least an hour, but the markets didn’t seem to react. The bait was not taken, but other news organizations such as CBS had to scramble to get confirmation from the US Military that Armageddon was not upon us.
High-profile Twitter hacks are becoming all too common.
Last week, at the very moment that President Obama was giving a speech on cyber security, hackers in support of the Islamic State in Iraq and Syria hacked the Twitter and YouTube accounts of the US Army Central Command. American troops were treated to messages about how the militant Islamists were “coming for them”. While the security value of this breach was low, the propaganda value to terrorists is enormous.
Hackers appear to be able to easily compromise the login credentials of Twitter accounts. They may simply guess the password used or hijack an email address associated with the account and reset the password. Twitter offers 2-Factor Authentication for password reset, requiring the user to enter a PIN sent to an email or phone on file, but not every company takes advantage of it. It can create complications if multiple people require access to the same Twitter account.
In many cases the best defense is the simplest. Using strong passwords for accounts such as Twitter makes it much more difficult for the hackers to succeed. A strong password would have at least 8 characters, combinations of alpha and numeric, upper and lower case letters and a special character.