AP Twitter Hijacking Proves Need for Better Authentication, Encryption

American media suffered another black eye Tuesday afternoon when U.S. stock markets briefly went into a tailspin after the Associated Press's Twitter account was hijacked and used to broadcast this false message: "Breaking: Two Explosions in the White House and Barack Obama is injured."

In a two-minute span between 1:08 pm EDT and 1:10 pm EDT, just after the fake tweet hit Twitter, the Dow Jones Industrial Average dropped 145 points. The market quickly corrected itself after the Associated Press disclosed that it had been hacked and its Twitter account suspended while it sought to correct the issue. The White House also confirmed that President Obama was "fine."

An organization calling itself the "Syrian Liberation Army" quickly claimed responsibility.

According to CBS News, the Associated Press confirmed that the hijacking of its Twitter account was preceded by a phishing attempt on its corporate network.

George Waller, executive vice president and co-founder of security specialist StrikeForce Technologies, says the incident calls attention to the need for enterprises to insist upon keystroke encryption and out-of-band two-factor authentication for remote access users (which includes anyone accessing Twitter accounts, for example).

"Most likely, what happened here is what we've seen time and time again: The malware writers are constantly spear phishing for folks like this AP guy," Waller says. "What reporter out there doesn't have his email address out there in the public domain? Essentially, with that, they'll phish you and pass you a piece of malware in an email. It could be a pitch, breaking news, something like that. You're going to open it up and get infected."

"Most likely, they infected that person's machine with a keylogger and they watched and got his Twitter account when he logged in," he added.

Protection Requires 2-Factor Authentication and Keystroke Encryption

Protecting yourself and your organization requires two things, Waller says. First, you must use out-of-band two-factor authentication. In other words, when someone initiates a login, completing the login process requires entering a one-time password sent to the individual over a different channel, such as a text message on a mobile device.
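The login flow described above, sketched as an added example that is not from the article or from any vendor it mentions: a password check followed by a short-lived, single-use code delivered over a second channel. The class, function names, sample credentials and the TTL and retry values are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

OTP_TTL = 120        # seconds a code stays valid (assumed value)
MAX_TRIES = 3        # wrong guesses allowed per code (assumed value)
def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class OutOfBandLogin:
    """Hypothetical server side: password check, then a one-time code
    delivered over a second channel (send_code stands in for an SMS gateway)."""
    def __init__(self, users, send_code, clock=time.time):
        self.users, self.send_code, self.clock = users, send_code, clock
        self.pending = {}   # username -> [sha256(code), expiry, tries left]

    def start(self, user, password):
        salt, stored = self.users.get(user, (b"\0", b""))
        if not hmac.compare_digest(pw_hash(password, salt), stored):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = [hashlib.sha256(code.encode()).digest(),
                              self.clock() + OTP_TTL, MAX_TRIES]
        self.send_code(user, code)      # never returned to the login session
        return True

    def finish(self, user, code):
        entry = self.pending.get(user)
        if entry is None:
            return False
        digest, expiry, tries = entry
        if self.clock() > expiry or tries <= 0:
            del self.pending[user]      # expired or guessed out: start over
            return False
        entry[2] -= 1
        if hmac.compare_digest(hashlib.sha256(code.encode()).digest(), digest):
            del self.pending[user]      # single use: a replayed code fails
            return True
        return False

def demo():
    salt, phone, now = b"constructed-salt", {}, [0.0]   # constructed sample data
    users = {"reporter": (salt, pw_hash("constructed-password", salt))}
    flow = OutOfBandLogin(users, phone.__setitem__, clock=lambda: now[0])
    flow.start("reporter", "constructed-password")      # password alone gets this far
    real = phone["reporter"]                            # only the handset sees this
    wrong = f"{(int(real) + 1) % 10**6:06d}"
    results = [flow.finish("reporter", wrong), flow.finish("reporter", real),
               flow.finish("reporter", real)]           # guess, legit, replay
    flow.start("reporter", "constructed-password")
    now[0] += OTP_TTL + 1
    return results + [flow.finish("reporter", phone["reporter"])]  # expired
```

A captured password only reaches the first step; the code goes to the handset, works once, and lapses after the TTL.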

But even that is not enough, Waller says.

"If I put a keylogger on your system and you have out-of-band two-factor authentication, I may not be able to crack your password, but I can still watch everything you write," Waller says.

Because of that, the second essential component is keystroke encryption.

"Everyone needs to encrypt every stroke," Waller says. "Most likely if the AP reporter had keystroke encryption, he wouldn't have had that breach. The only way to protect real, live data in motion is you've got to encrypt every keystroke at the point of origin."

"In the past three years, if the world had out-of-band authentication and keystroke encryption on everyone's computer, probably greater than 95 percent of corporate data breaches and identity theft cases would have been prevented," Waller adds.

Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for CIO.com. Follow Thor on Twitter @ThorOlavsrud. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn. Email Thor at tolavsrud@cio.com
