The Financial Times (FT) has become the latest high-profile news outlet to be compromised by hackers affiliated with the Syrian Electronic Army.
The hacktivist group briefly seized control of both the website and Twitter accounts from the FT on Friday, posting messages to the site and various Twitter feeds announcing the presence of the pro-Syrian hacking group.
The pages were soon cleaned and restored, though not before multiple news outlets and security researchers were able to document the compromise. By mid-afternoon BST the FT acknowledged the hack and confirmed that it was working to secure its accounts.
The hack adds the FT to a growing list of news outlets which have fallen victim to the Syrian Electronic Army. The pro-government group has previously laid claim to attacks on The Associated Press, NPR and The Onion. In each case, accounts were compromised when employees fell for a phishing attack which harvested account credentials.
Security experts have pointed out that media accounts are particularly vulnerable to such attacks because multiple users must share access to an account and use a common password. Sophos technology consultant Graham Cluley called on Twitter to implement better security controls, including two-factor authentication and author access controls, to help prevent such attacks.
“Twitter's approach inevitably leads to media agencies, who are pressured to tweet breaking stories around the clock, to share Twitter passwords with many staff worldwide - and hold their breath that none of them get hacked or have their credentials phished,” Cluley said.
“It would be great if Twitter could introduce two factor authentication. It would be great if Twitter could introduce a way for firms to give different staffers separate logins for the same account.”