Sunday, 26 May 2013

Twitter adds two-factor authentication after multiple security breaches

New Twitter logo
Twitter is moving to improve the security of its microblogging service with the introduction of two-factor authentication, finally meeting the demands of users of the site after endless hacks on accounts over the last few months.
The company said that the new feature will allow users to connect their Twitter accounts with a mobile phone number, which will be used to verify logins. When the user attempts to log into their account, they will be asked to provide a randomly generated code that will be sent via SMS.
Security experts have hailed the use of two-factor authentication as critical for services such as social networking platforms.
Because the system requires a one-time use code, an attacker who harvests a user's account information through a phishing attack or brute force password guess will not be able to access the account.
“Every day, a growing number of people log in to Twitter,” explained Twitter security team member Jim O'Leary.
“Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web.”
In order to set up the new features, users will be required to provide a verified mobile phone number and email address. The company will then send a verification message to the user in order to set up the feature. Twitter noted that the service may not work properly with certain mobile service providers.
When active, the two-factor authentication could help to curb an outbreak of attacks on high-visibility accounts. Targets including the Associated Press and the Financial Times have been targeted by attackers who retrieved credentials from phishing attacks.

Governments risk killing internet freedom with cyber wars

Colourful web address URL bar in blue
Governments could use the influx of hyper-sophisticated malwares targeting their systems as a justification to push through draconian reforms that will end core internet freedoms, like the ability to browse anonymously, according to security firm PandaLabs.
PandaLabs' security expert, Luis Corrons told V3 the recent slew of attacks stemming from China listed in the firm's Q1 2013 Threat Report has resulted in a dangerous change in attitude by many governments regarding how much control of the internet they want.
"The first quarter of 2013 has been a really interesting one for cyber war. It's mainly about China, there are other elements but China's the main one. Whenever we see an attack on a company – or a government contractor or anything where someone has been hacked somehow and information's been stolen – most of the accusations go to China, which is perhaps unfair as most major governments are doing this in some way," he said.
"These kind of attacks are really professional; that's why it's difficult to see who's behind them. But when you look at them it's clear they have lots of money behind them. So they are getting more complex and they will get more sophisticated, but this will not just happen with China, it'll happen with every major player, like the United States for example.
This could create a desire for control of the internet, Corrons warned:
"My main concern is what this is going to mean for the rest of the internet users, for the wider community. I'm afraid this could result in changes to the internet we know and the freedoms we have may not be there anymore."
Corrons said that while the reforms may be slow, many governments like the US have already begun testing the water, toying with new technologies like electronic online passports.
"I don't have a crystal ball to see what's going to happen in the near future, but there are already people talking about electronic passports, making it so that you need some sort of ID to connect to the internet," he said.
"I think they will try and go this way, to have some control of the internet, which in my mind is really pointless and useless because you're only going to control the good citizens who go to the internet with their ID. Any criminals are not going to use that, they'll go over or around it to be anonymous, as they already do."
The right to surf the web anonymously is one of many online freedoms currently being debated by the European Commission and the UK government. Another key freedom being discussed is web users' right to be forgotten. Earlier this year, despite widespread calls for the freedom, representatives from the Information Commissioner's Office (ICO) and European Data Protection Supervisor said the right to be forgotten is impossible to guarantee.

Blue Coat acquires Solera Networks to help businesses spot sneaking cyber threats

Security padlock image
Blue Coat has confirmed plans to acquire Solera Networks, pledging that the move will let it offer new analytics-based services capable of warding off the new wave of evolved threats to businesses.
The firm announced the purchase early on Wednesday confirming that it is the opening step in a wider strategy shift designed to fix problems in most businesses' outdated, productivity-hampering, perimeter-based cyber defences.
Blue Coat president David Murphy told V3: "Many companies are frustrated by the barriers that traditional security networks in IT are putting in place, relative to what's available. We're not saying you shouldn't continue to do some of the core things, just that there a couple of key arenas that have been missing. We're closing to acquire Solera Networks, which is a leader in the ability to bring this deep inspection, recording capability and intelligence to the business as well as the security team."
Murphy declined to disclose the financial details of the acquisition, but did confirm it will see Blue Coat take control of the intelligence analytics and cyber forensics firm's 300 customers and 140 employees. The figure adds to Blue Coat's already impressive 15,000 customer base.
The chief said Solera's technology will be used to create several new service centres for Blue Coat customers. These include a Business Assurance Technology Resolution Center, a Policy Enforcement Center, a Mobility Empowerment Center, a Trusted Application Center and a Performance Center. The centres will offer businesses real-time analytics on their networks, making it easier for managers to mitigate threats and sensibly implement flexible device and application management policies.
"There are about 1.2 billion mobile applications in the market place today. The old model of trying to classify them by brute force doesn't work. We've built technology that allows you to bring all of those applications into a managed environment in an analytically-based way using an intelligence-based approach," he said. "What Solera does is allow you to create a kind of Tivo of the entire set of activities that's gone on for six months or a year."
Murphy highlighted the recent influx of targeted attacks hitting enterprise networks as further proof of the need for a change in strategy. "When one of these advanced attacks appears, one of the challenges now is that what you find at the instant it attacks has nothing really to do with the last three to six months of activity that led to that server being compromised," he said.
"We believe in order to be agile, you need the intelligence to go back to the cause, get full scope and redeploy defence measures around these advanced threats, which are much more personalised than the generic ones that have targeted network security in the past."
The Blue Coat chief said that by letting IT managers be more agile, businesses will be stop employees going round security measures, thus reducing the number of attack vectors open to hackers.
"Exchange is an example of this. In many companies Exchange has a file size limit of 20MB to 25MB. We know you can go and use DropBox and move any significant content we need to that way – we're going to work round Exchange if Exchange doesn't work," said Murphy. "In this case we have to allow the business to make a decision about what to do and support business DropBox use case as opposed to just saying you can't move files of that size, which frankly is ridiculous, people will still do it, but they'll do it in a rogue way."
Murphy's comments mirror those of several other technology firms. SAP chairman Hasso Plattner and head of technology and innovation Vishal Sikka have warned that businesses need lighting-fast analytics and monitoring services like HANA to combat the evolved cyber threat facing them.

Apache Darkleech PDF and JavaScript attacks infect hundreds more websites

Apache Software Foundation feather logo
Cybercrooks running the Apache Darkleech JavaScript attacks have become more tenacious, infecting hundreds more websites, according to security firm Zscaler.
The security firm reported a marked increase in the number of websites falling victim to the Darkleech attack on Wednesday, warning that many of them are hosted in the UK.
Zscaler's Krishnan Subramanian wrote: "The Apache Darkleech attack has been in the news for quite some time now. The first compromise that we identified in our transactions dates back to mid-March. This Darkleech exploit (aka Linux.Cdorked) injects malicious redirections into a website that leads to a Blackhole exploit kit (BEK) landing page.
"We are currently observing a considerable rise in websites being compromised due to this attack. The infected websites redirect to a version of the BEK version 2. We identified the following sites being compromised in the past week within observed Zscaler traffic."
Subramanian said that the complex nature of the attack's exploit method makes it difficult to know exactly how many sites have been affected, making tracking and combating the threat a difficult task.
"The exploit code targets vulnerabilities in multiple plugins including Adobe PDF and Java when run on IE, causing the attacker to load malicious code in the context of the application. When deobfuscating the PDF exploit, we can see the final URL used for redirection. However, this URL was not accessible (404 error response) at the time of writing, hence it was not possible to retrieve the malicious binary file," explained Subramanian.
"Upon revisiting some of these compromised websites, it was found that the page was no longer serving the injected code. This provides a clue. The attackers probably choose random sites running the Apache Webservers that are vulnerable to the Darkleech exploit and infect them only for a brief period of time and then clean them up. Hence tracking Darkleech infections can be a challenging task."
The attack was already believed to have infected thousands of websites when it was first uncovered earlier this year. Subramanian said businesses or website owners that are worried their site has been infected should contact their Apache server host to ensure they have installed the CVE-2012-1557 security patch to fix the flaw.

Amazon Web Services approved to host US government clouds

Amazon Web Services logo
Amazon Web Services (AWS) has cleared a major compliance hurdle, which could allow the company to strike new deals with US government agencies.
The company revealed on Tuesday that it has achieved compliance with the Federal Risk and Authorization Management Program (FedRAMP). The standard will allow the company to host moderate-level cloud initiatives for around 300 agencies in the US federal government.
AWS worldwide public sector vice president Teresa Carlson said: “Today most government computing systems require built-to-order platforms and applications to meet government security and compliance requirements, which involve time-consuming and costly evaluations.
“With this FedRAMP compliance, agencies can now utilise a streamlined process from AWS when moving applications to the cloud to meet their unique business and mission requirements.”
With the certification, the AWS platform can now be cleared for higher-level security and secrecy projects, opening the door for new cloud initiatives. Groups impacted by the ruling include the US Navy, Treasury Department and NASA.
AWS said that in meeting the FedRAMP requirements it had to comply with standards for security, monitoring and safe storage policies. The certification and compliance are being co-managed by HHS (US Department of Health and Human Services).
With governments both at the local and federal level looking to develop sweeping cloud initiatives in order to save money and reduce capital expenditures, achieving compliance with government regulations has been an important step for hosting firms looking to land lucrative government contracts.
Last week, Box made a point of announcing that it had cleared a federal government hurdle by complying with the ISO 27001 standard for secure storage.

Firms and governments face mobile security nightmare as 23,000 new threats emerge

Google Android Malware
Businesses and governments need to update their security strategies if they hope to protect themselves from rising tide of mobile threats, pegged at 23,000 for the year so far, according to Kaspersky Lab.
The Russian security firm released its Q1 2013 threat report on Tuesday, confirming it detected 22,750 versions of evolved mobile malware during the period. The figure means hackers have already created more than half the number of mobile malware that they did in the whole of 2012. Kaspersky said the number could continue to increase as virus writers keep taking advantage of security flaws in Android.
Kaspersky researcher David Emm told V3 the influx of new malwares proves governments and businesses current defence strategies are not adequate, on Wednesday.
"At a societal level, there are a number of factors that can help combat the increase in mobile malware. This includes the development of a legislative framework to deal with cyber criminals (in the UK we have well-developed legislation, but that's not true of all regions of the world), cross-border co-operation of law enforcement agencies, and market regulation (e.g. it's harder to set up an affiliate network that will allow successful monetisation of SMS-Trojans in the UK compared to Russia, China and other areas)," he said.
"In regards to businesses, organisations need to ensure they include mobile devices in their security strategy and deploy appropriate technology. This includes anti-malware, whitelisting, encryption, centralised policy management and containerisation of personal and business data (a result of the BYOD trend). It's also not just the threat of malware on the device, but the network itself, as shown by the discovery of 'Red October' - a targeted attack that specifically harvested data from devices connected to the network of victim organisations."
The report said: "Our data shows that in 2012 Android became the number-one target among virus writers, and that the number of threats over the course of the year grew steadily. Has this upswing in the number of mobile threats continued in 2013 so far? Indeed it has [...] A total of 99.9 percent of new mobile threat detections target the Android platform.
"January is traditionally a quiet month for mobile virus writers - ‘only' 1,262 new modifications appeared in the first month of the year. But over the past few months, Kaspersky Lab has detected over 20,000 new mobile malware modifications. In February, we detected 12,044 mobile malware modifications, and another 9,443 in March. To compare - a total of 40,059 modifications of malicious programs targeting mobile devices were detected over the whole of 2012."
Kaspersky said SMS Trojans that steal money from victims by forcing infected devices to text premium-rate numbers owned by the hackers remain the most used attack tool, accounting for 63.6 percent of all detected mobile threats.
Looking to the future Emm predicted the number will continue to increase as businesses reliance on mobile devices grows.
"The huge growth in mobile malware is a result of a number of different factors. Firstly, the huge numbers of smartphones being used. Secondly, the variety of ‘interesting' data now stored on these devices, such as: contacts, photographs, SMS messages, banking credentials and social networking logins," he said.
"Finally, the growing use of mobile devices in business and the lack of awareness from organisations around mobile threats. In a survey we commissioned last year, only 55 per cent of businesses considered mobile devices in the workplace a serious threat. The growth of mobile malware is only going to continue as people increasingly conduct business and sensitive transactions via mobile devices.
"Cybercriminals follow the money and as mobile banking and shopping continue to increase in popularity, so will the threats targeting these devices. However, it's not just financial data that's a key target, but also lots of personal data that can be harvested and used to frame targeted attacks."
Kaspersky is one of many firms to detect a marked increase in mobile malware targeting smartphone owners. Finnish security firm F-Secure said the number of mobile malware variants targeting smartphone and tablet users has risen by 49 percent since 2012 in its Q1 2013 Threat Report.

Microsoft calls for Office attack victims to be more vigilant with security patches

China flag
Microsoft has called on businesses to adopt a more proactive approach to its security updates, following the discovery of a campaign still infecting thousands of machines targeting an already patched Office vulnerability.
Security firm Trend Micro uncovered the campaign, codenamed SafeNet, targeting older versions of Microsoft Office on Friday. "The distribution mechanism the Safe campaign used involved spear-phishing emails that contain a malicious attachment," the report said.
"This technique, which is quite common for APT campaigns, encourages a recipient to open a malicious attachment by sending an email with contextually relevant content. We discovered several malicious documents that all exploited a Microsoft Office vulnerability (CVE-2012-0158). If opened with a version of Microsoft Word that is not up to date, a malicious payload is silently installed on the user's computer."
Microsoft said it is aware of the attack, confirming it has already fixed the vulnerability, meaning only customers that have failed to install the patch are at risk.
"Microsoft addressed this issue in April 2012 with Security Bulletin MS12-027 and we strongly encourage all customers ensure their systems are up-to-date with the latest Security Updates. Customers with automatic updates enabled do not need to take action, as those systems were automatically protected when we originally released the security update last year," said Microsoft Trustworthy Computing group manager Dustin Childs.
Even with the fix live, Trend Micro said the full extent of the campaign remains unknown although it has already linked several thousand IP addresses to it, indicating that its reach will be moderately far.
The report continued: "While we have yet to determine the campaign's total number of victims, it appears that nearly 12,000 unique IP addresses spread over more than 100 countries were connected to two sets of command-and-control (C&C) infrastructures related to Safe. We also discovered that the average number of actual victims remained at 71 per day, with few if any changes from day to day.
"This indicates that the actual number of victims is far less than the number of unique IP addresses. Due to large concentrations of IP addresses within specific network blocks, it is likely that the number of victims is even smaller and that they have dynamically assigned IP addresses, which have been compromised for some time now. Investigating targeted campaigns involves more than simply collecting actionable indicators like malware samples and C&C server information."
The firm said it was able to take advantage of a mistake made by the hacker to discern some details about its origin, but warned against premature accusations that the Chinese government is involved.
"The author of the malware used in the campaign is probably a professional software developer who studied at a technical university in China. This individual appears to have repurposed legitimate source code from an internet services company in the same country for use as part of the campaign's C&C server code," the report said.
"While the information that we obtained suggested the identity of the malware author, we were not able to attribute the campaign operation to him. In fact, while we were able to identify the various IP addresses used by the operators, the geographic diversity of the proxy servers and VPNs made it difficult to determine their true origin."
The attack is one of many believed to have stemmed from China. Most recently The New York Times reported that a Chinese military unit believed to have hacked over 140 US businesses had resumed its harmful activities.

Apple OS X Oslo malware linked to sophisticated 'Operation Hangover' gang in India

malware virus security threat breach
Security researchers at Norman have uncovered a large-scale malware and cyber-espionage operation believed to be related to high-profile attacks and government system breaches.
Known as Hangover, the attack is believed to have originated in India and is said to be a highly sophisticated and professional operation. The attack is not, however, believed to be a state-sponsored operation but rather an act of a private-sector group.
“It has likely been in operation for over three years, primarily as a platform for surveillance against targets of national security interest that are mostly based in Pakistan and possibly in the United States,” the researchers said.
“It is also used for industrial espionage against the Norwegian telecom corporation Telenor and other civilian corporations.”
The Hangover operation is said to include targeted attacks on organisations in the UK, Germany, Austria, China and Thailand, amongst other countries in Europe, Asia and the Middle East. Researchers believe that the attacks are primarily targeted operations in which high-profile users are infected with spear-phishing attacks that give the malware operators network access.
Most notably, the attack was found to be connected to a mysterious malware outbreak found targeting OS X systems. The attack, first uncovered by researchers at a privacy convention in Oslo, Norway, was found on the Macbook of a delegate from Africa. Norman also believes that the operation is using mobile malware that has yet to be formally discovered and classified.
Researchers noted that the Hangover attack could prove monumental in its indication that private groups, rather than state-sponsored hacking organisations, are now running highly sophisticated targeted attack and intelligence-gathering operations.
“All indications point to private syndicates of threat actors following their own motivations,” the researchers wrote. “With no direct evidence of state sponsorship by the Indian government or by any other nation.”

Cyber criminals resurrect credential-stealing Zeus/Zbot malware

Cyber crooks have resurrected and refined old versions of the Zeus malware, also known as Zbot, in order to steal financial information.
Security firm Trend Micro reported uncovering the malware late on Thursday, in the midst of a spike in the number of evolved threats active in the wild.
"The notorious info-stealing Zeus/Zbot variants are re-emerging with a vengeance, with increased activity and a different version of the malware seen this year. We can now include the data-stealing malware Zeus/ZBOT to this roster of old-but-new threats, which have increased these past months, based on Trend Micro Smart Protection Network feedback," wrote Trend Micro's Jay Yaneza.
"Zbot variants surged in the beginning of February and continued to be active up to this month. It even peaked during the middle of May 2013. The malware is designed to steal online credentials from users, which can be banking information or other personally identifiable information (PII)."
The malware is more dangerous as it uses more advanced infection and avoidance techniques. "Zbot malware of this generation are found to be mostly either Citadel or GameOver variants. Unlike earlier versions, the mutex name is randomly generated," explained Yaneza.
"Both variants send DNS queries to randomised domain names. The difference in GameOver variant is that it opens a random UDP port and sends encrypted packets before sending DNS queries to randomised domain names. Zbot malware connects to a remote site to download its encrypted configuration file."
Trend Micro said there are several ways the malware can be detected and stopped. "There are several avenues for detecting Zbot variants. First, as the malware tries to write to the registry ‘Userinit' entry in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. Secondly, detecting the call-back routine to the remote site upon execution, as it acquires its configuration file," wrote Yaneza.
This malware arrives during a wider increase in the number of attacks targeting businesses. Security firm Zscaler also reported detecting a marked increase in the number of websites falling victim to the Darkleech attack on Apache web servers last week.

Online freedoms must survive government hacker wars, warns US attorney general

Browser address bar with mouse cursor
The rise in cyber threats and malware attack tools must not threaten the openness of the internet as a place to do business, according to US deputy attorney general James Cole.
Cole highlighted the importance of maintaining core online freedoms in this fight against cyber threats in an address to the Georgetown Cybersecurity Law Institute on Thursday.
"We must work together to build closer and even better partnerships. Only by doing this will we be able to make the future internet a place where we can be more confident that our businesses, our privacy, and our personal finances can operate safely," said Cole.
"We need to facilitate the appropriate sharing of cyber security information like malware codes between the government and private industry so industry can protect itself. We also need legislation to incorporate privacy and civil liberties safeguards into all aspects of cyber security."
Cole said the government has already reached out to several of its allies to implement policies that ensure the internet remains open.
"We have been and should also continue to engage our allies and partners worldwide to solidify norms of cyber behaviour – to help ensure that the internet remains open, secure, and stable. It is also crucial for us to maintain a meaningful dialogue with the world's largest cyber actors and work together to develop an understanding of acceptable behaviour in cyberspace."
Cole's comments follow concerns within the security community that governments will use the recent influx of hyper-sophisticated malware that is targeting industry to push through draconian legislation, removing core online freedoms.
Most recently PandaLabs' security expert, Luis Corrons, said the recent wave of attacks stemming from China has led governments to reconsider the importance of key liberties, like the right to surf the internet anonymously.
The attorney general addressed the attacks, highlighting the threat they posed to critical infrastructure as a core challenge that must be addressed.
"The cyber threat also takes the form of destructive malware. This is malicious software that is capable of deleting everything on a given computer hard drive. This is not an imaginary scenario. In Saudi Arabia, an oil company called Aramco was infected with just such a virus. Our country's critical infrastructure is one of the most important areas requiring protection from cyber threats" he said.
"Today, most of the important critical functions in our society are run by computer systems. The power grid, hydroelectric dams, nuclear power plants, transportation systems, stock markets and communication systems are all controlled through sophisticated computer systems that allow them to be efficient, effective and coordinate with numerous other critical functions. Unless we work together, we will not be able to address the cyber threat successfully."
Cole urged US businesses to follow Europe's example and work with law enforcement and the government to educate their employees about cyber threats and share attack data with one another.
"Companies need to educate their employees on intrusion techniques such as spear-phishing or redirecting websites – the scams that use a combination of email and bogus websites to trick victims into clicking on website links or opening attachments. It only takes the carelessness of one employee to let a hacker into your network. So companies need to train their employees to recognise and avoid these kinds of scams," he said.
"You're going to need up-to-date information on what cyber threats are out there and what they look like. Participating in information-sharing platforms like InfraGard can help you in this regard."
Information sharing has also been a key part of many European governments' cyber strategies. The UK government has already put in place several information-sharing initiatives as a part of its £650m Cyber Security Strategy investment.
These have included the launch of the Cyber Security Information Sharing Partnership (CISP) and an open call for feedback from businesses on what they would like to see in the country's forthcoming cyber security organisational standards.

Liberty Reserve Owner Arrested for money laundering

Arthur Budovsky Belanchuk, the owner of  Liberty Reserve, has been arrested in Spain for money laundering.This was revealed by a joint investigation by the Spanish and US police agencies.

Raids were conducted at his home and office's. The investigation had been on since 2011. Also apparently Budobsky's business in Costa Rica was financed by child pornography websites and drug trafficking.

Libirty Reserve's main domain is not showing the original site,  its pointing to a sinkhole .

As you can see the domain was transferred on May 24,2013 to point to's name server - a server used by the US Governments to seize a website that has did an online fraud.
One of the EHN's reader, Jonathan Capistrano who contacted LR about the status of  peoples funds was told that they will not be closing down but are taking a break and that LR will be back "new and better" and finally said that funds will stay there , with no reduction or increase in value.  

Atlantic Bank, Fidelity Bank Ghana and few other sites hacked by Sepo

NYPD detective accused of hiring email hackers

Edwin Vargas, a detective with the New York City Police Department, has been arrested on Tuesday for computer hacking crimes.
According to the complaint unsealed in Manhattan federal court, between March 2011 and October 2012, Vargas, an NYPD detective assigned to a precinct in the Bronx, hired an e-mail hacking service to obtain log-in credentials, such as the password and username, for certain e-mail accounts.
In total, he purchased at least 43 personal e-mail accounts and one cellular phone belonging to at least 30 different individuals, including 21 who are affiliated with the NYPD.
After receiving the log-in credentials he had purchased, he accessed at least one personal e-mail account belonging to a current NYPD officer, and an online cellular telephone account belonging to another victim.
He paid a total of more than $4,000 to entities associated with the e-mail hacking services.
An examination of the contents of the hard drive from Vargas’ NYPD computer revealed, among other things, that the Contacts section of his Gmail account included a list of at least 20 e-mail addresses, along with what appear to be telephone numbers, home addresses, and vehicle information corresponding to those e-mail addresses, as well as what appear to be the passwords for those e-mail addresses.
He also accessed the National Crime Information Center (NCIC) database, a federal database, to obtain information about at least two NYPD officers without authorization. The e-mail accounts of those two officers were among the e-mail accounts Vargas paid the e-mail hacking services to hack into so he could obtain log-in credentials.
The investigation was conducted by the FBI and the PD’s Internal Affairs Bureau, and Vargas has ultimately been charged with one count of conspiracy to commit computer hacking and one count of computer hacking. Each count carries a maximum sentence of one year in prison.
"Of all places, the police department is not a workplace where one should have to be concerned about an unscrupulous fellow employee. Unlike the e-mail accounts, the defendant didn’t need to pay anyone to gain access to the NCIC database. But access is not authorization, and he had no authorization," commented FBI Assistant Director in Charge George Venizelos.

Syrian Electronic Army Hacked British ITV Twitter

British broadcaster ITV news was the latest mainstream media outlet to have its Twitter feed infiltrated by hackers in the Syrian Electronic Army.
The hackers, who are sympathetic to Syria’s President Bashar Assad, have sworn to attack news outlets perceived to be biased against the Syrian leader, who is in the midst of a two-year civil war. Previous victims include the Associated Press, The Financial Times, Daily Telegraph, and the Onion, a parody news site.
Twitter recently introduced the Two Step Authentication login method, an update that was designed to thwart security breaches of this sort.