Twitter hack sees New York Times warn of Russian missile strike against USA

A genuine example of fake news.

Twitter hack sees New York Times warn of Russian missile strike against USA

New York Times Video, @nytvideo, distributes video content from - you guessed it - the New York Times to Twitter users.

In fact, approximately a quarter of a million people follow @nytvideo to get their video news fix.

One wonders then what they thought when the following message appeared on the account yesterday.

Bogus tweet

BREAKING:

leaked statement from Vladimir Putin says: Russia will attack the United States with missiles

Scary stuff. If it was true.

But what had actually happened was that the New York Times Video account had been hijacked by the Our Mine hacking group, a gang which has specialised in embarrassing high profile figures by breaking into their social media accounts. Past victims of the hackers have included Facebook founder Mark Zuckerberg.

The New York Times deleted the offending tweets and posted an apology to its followers.

New York Times apology

This isn't the first time the New York Times has fallen foul of hackers.

In 2009, for instance, the Twitter account of its "The Moment" fashion blog was compromised by spammers who used it to publicise a naked webcam site.

More seriously, in early 2013 it was revealed that Chinese hackers had infiltrated the newspaper's network for months, compromised reporters' computers, and and stole the passwords of every employee.

So, how was the @nytvideo account compromised?

Clearly it didn't have the right protection in place.

Either it was careless with it password and fell foul of a phishing attack, or it made the mistake of reusing the same password on different sites. Often passwords of social media accounts have fallen into the wrong hands because a user was tricked into handing over their password to a phishing site, or a breach of another site results in carelessly reused passwords spilling into the laps of criminals.

Whatever the precise nature of how the hackers managed to get their hands on the keys to the account – it seems unlikely that @nytvideo had enabled Twitter's two-step verification (2SV) facility.

Twitter calls its 2SV system "Login verifications", and I strongly recommend that all users of the site enable the feature as it means that even if your password is compromised, it won't be enough to allow hackers to hijack your account.

Tags: , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , ,

No comments yet.

Leave a Reply