It’s just a couple of hours after the AP’s Twitter account was hacked, sending markets into a tizzy with a false report of violence at the White House. But we already know, through tidbits offered by the AP itself, how it happened.
First, there was a “phishing” email sent to reporters at the AP.
These emails are (usually) a ham-handed bit of “social engineering,” containing some text and a link. The trick is getting people to click on the link. If you’ve ever been offered free porn in your inbox, you know the drill: some proportion of dopes who receive the email will click on the link, leading them to a site that may try to install malicious software on their computer.
That reporters at the AP received an “impressively disguised” phishing email speaks to the competence and determination of the attackers. It’s not easy for overseas hackers who are not native speakers of the language used by their targets to write completely convincing emails, for example.
Which led to the installation of malicious software.
The AP reports that it had recently discovered that hackers had already installed malicious software on some computers, possibly via the same method (email phishing) attempted today. So today’s hack of the AP Twitter account was either carried out via that malicious software or, given the timing, via some newly installed malicious software.
And then the Syrian Electronic Army, which Twitter has been battling for days, took credit.
The Syrian Electronic Army (SEA) has been on a tear lately, taking over Twitter accounts owned by CBS and Sepp Blatter. Twitter has responded by banning one “official” SEA Twitter account after another, but the SEA just keeps putting up new ones on which to trumpet its exploits. They’re pretty easy to find, too: as soon as Twitter bans one, the SEA starts a new one and increments the number at the end of its name. We’re now up to number six: @official_SEA6.
So who is this Syrian Electronic Army?
The SEA has been hacking Twitter for months, and appears to only be getting better at it. Back in March, they went after the Qatar Foundation’s Twitter and Facebook accounts. Those attacks were explicitly political, and made clear the goals of the SEA: spread pro-Assad propaganda.
Apparently hacking obscure, but relevant, social media accounts wasn’t enough for the SEA, although it’s hard to see how tweeting false claims about explosions at the White House will make anyone more likely to see things their way.