Twitter warns news organisations over hacking amid Syrian attacks

Logo of Syrian Electronic Army The Syrian Electronic Army regularly links to material supporting the Syrian president

Related Stories

News organisations including the BBC have been warned by Twitter to tighten security in the wake of several high-profile hacks.

The Guardian became the latest publication to be hit by a group calling itself the Syrian Electronic Army.

A previous attack on the Associated Press caused stocks to dip.

Security experts have said Twitter itself needs to take more action to ensure its users are protected.

An email sent by Twitter to news organisations on Monday urged them to take a close look at their internal measures for dealing with social media.

Advice included making sure passwords were more than 20 characters long and made up of random strings of letters and numbers.

The social network also advised having just "one computer to use for Twitter".

"This helps keep your Twitter password from being spread around," the site added.

"Don't use this computer to read email or surf the web, to reduce the chances of malware infection."

Security researcher Rik Ferguson, from TrendMicro, told the BBC this particular piece of advice was somewhat unworkable.

"The point of Twitter is that it's instant, and you can react instantly.

"If you have to run back to the office to get to a particular computer to use Twitter, that's obviously going to impact upon its use."

Souped-up security

Twitter also encouraged organisations to have a closer relationship with the site to ensure account details are kept up to date.

"Help us protect you," the company said. "We're working to make sure we have the most updated information on our partners' accounts.

Dr Herb Lin, a cybersecurity expert, says media agencies are likely to make security changes to their Twitter accounts

"Please send us a complete list of all accounts affiliated with your organisation, so that we can help keep them protected."

Beyond advice to external organisations, there is increasing pressure on Twitter to bolster its own security.

Specifically, there have been calls from security professionals for two-factor authentication.

This would require two steps, the entry of a password as well as another action.

On Facebook, for example, two-factor authentication is triggered when users try to log in in an unexpected way, such as from a computer in a different country.

A report in technology magazine Wired last week suggested Twitter had begun trialling two-factor technology - but this is yet to be confirmed by the company.

Mr Ferguson noted that as Twitter remained a free service supported by advertising, two-factor authentication could prove costly.

He suggested one way to raise funds for enhanced security would be to charge major users to become "verified" - a status currently given to accounts which Twitter has checked are genuine.

"One thing Twitter should be looking at now is for any account which is verified to have a two factor log-in process," he told the BBC.

"If you make a nominal fee for verifying accounts - they can make sure that the accounts are protected from not only malware-based attacks, but also that staff are more protected from phishing."

White House blast

The Syrian Electronic Army's typical tactics to date have included sending "phishing" emails to glean log-in information from unsuspecting victims.

Once access to an account had been gained, the SEA would then begin to post tweets - in some cases mimicking the style of the victim.

BBC Weather account with hacked messages The BBC's Weather account was among those successfully hacked

This technique was most damaging in the case of the Associated Press. When the news agency's main account - @AP - was breached, the SEA posted that US president Barack Obama had been injured in a blast at the White House.

It was of course false, and swiftly corrected by other organisations - and later by AP itself - but not before $136bn (£88bn) was temporarily wiped off the New York Stock Exchange.

US financial authorities are to investigate the incident to "make sure that nothing nefarious in markets took place", according to the New York Post.

Meanwhile, the SEA - which appears to support the Assad regime - has vowed to continue its attacks on media organisations.

An anonymous user believed to be working for the group told Vice magazine: "They already started suspending us from the internet by closing our accounts, our pages and suspending our domain names, but they failed and they will keep failing.

"We will not stop or despair. If they close a Twitter account, we will open a new one; if they close a Facebook page, we will create another one; if they suspend our domain names, we will buy new ones."

Follow Dave Lee on Twitter @DaveLeeBBC

More on This Story

Related Stories

More Technology stories

RSS

Features

  • A very clever little girlBrain gain

    Why are people getting better at intelligence tests?


  • BeefaloBeefalo hunt

    The hybrid animal causing havoc in the Grand Canyon


  • A British Rail signBringing back BR

    Would it be realistic to renationalise the railways?


  • Banksy image of girl letting go of heart-shaped balloonFrom the heart

    Fergal Keane on the relationship between love and politics


  • Don Roberto Placa Quiet Don

    The world's worst interview - with one of the loneliest men on Earth


Try our new site and tell us what you think. Learn more
Take me there

Copyright © 2015 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.