Category: Twin Towers

Sep 13 2011

Christmas tree Trojan blamed for NBC News Twitter hack

Ryan Osborn, MSNBCMore information has emerged which might shine a light on the tasteless hack this weekend on the NBC News Twitter account, which resulted in bogus postings about a 9/11-style terrorist attack.

The latest theory appears to be that the @NBCNews Twitter account was broken into by hackers after the email account associated with it was compromised through the use of a keylogger.

According to an MSNBC report, Ryan Osborn, NBC News’s director of social media, could have been sent a spyware Trojan horse that grabbed passwords as they were typed at the keyboard.

Osborn says that he recently received a suspicious email as Hurricane Irene approached New York. The email had the following characteristics:

Hurricane Alert

Message body:
Ryan, You need to get off TWITTER immediately and protect your family from the hurricane. That is an order.

MSNBC, which is a sister company of NBC News, says that Osborn wrote back to his mystery correspondent saying “I’m sorry. Who is this?” and got the reply “I’m the girl next door”, with a file attached.

Email conversation

Osborn says that when he opened the attachment it contained an image of a Christmas tree.

The supposition is that the Trojan horse installed a keylogger on Osborn’s computer and was then able to gain unauthorised access to NBC News’s Twitter account. With the keys to the castle, it was easy for the hackers – who claimed to be from a gang called the Script Kiddies – to post their moronic insensitive messages:

Tweets from the NBCNews Twitter account

To his credit, Osborn spotted the false messages on the NBC News Twitter account and – despite being locked out after the hackers changed the password – managed to get Twitter to shut down the account within minutes.

The FBI are now investigating the security breach. Hopefully, the emails sent to Osborn’s computer have not been destroyed and might provide some clues as to the identity of those behind the moronic posts.

Sep 09 2011

NBC News Twitter account hacked with fake news of 9/11 Ground Zero attack

Sick-minded hackers have broken into the Twitter account of NBC News and posted messages claiming that there has been a terrorist attack at Ground Zero in New York.

The bogus messages claimed that Flight 4782 has been hijacked and another plane crashed into the site where the Twin Towers collapsed ten years ago.

Tweets from the NBCNews Twitter account

NBCNews’s Digital Officer Vivian Schiller tweeted confirming that their official account had been hacked, and asked followers not to retweet any of the offending messages:

Tweet from Vivian Schiller

In a subsequent message, Schiller confirmed that NBCNews was “working with Twitter to correct the problem and sincerely apologize for the scare that could have been caused by a such a reckless and irresponsible act.”

A group calling themselves the Script Kiddies have claimed responsibility for the hack. The same group previously hijacked and defaced Pfizer’s Facebook page and broke into the Fox News Politics Twitter account to post a bogus announcement about the death of Barack Obama.

Of course it’s very serious when such a popular Twitter account has its security breached. In theory, malicious hackers could have posted a link to malware or a phishing site – rather than what appears to be sick fake news headlines about a terrorist atrocity at such a sensitive time, with the 9/11 anniversary this weekend.

It’s unclear on this occasion whether NBCNews’s Twitter password was phished, whether it was cracked through a dictionary attack or spyware, or whether the persons who run the NBCNews account made the mistake of using the same password on multiple websites.

Computer users should always choose a hard-to-guess non-dictionary word as a Twitter password, and never use the same password on multiple websites.

Twitter appears to have now suspended the @NBCNews account, presumably to stop other users from retweeting the fake news and starting a scare.

Twitter should be applauded for taking such quick action, but isn’t it time that there was better security available to accounts which have a large number of followers, or who (like media organisations) may cause public panics if someone breaks in and starts tweeting false news stories about terrorist attacks?

Twitter login username and password

Just a username/password combination isn’t enough when a social media account is an important part of your business or public image.

I, for one, would like to see Twitter and other social media sites offer an additional level of authentication for those who want to better defend their accounts. I fear that, unless that happens, we will continue to see high profile accounts hacked and brands damaged as hackers run rings around them.

Update: Christmas tree Trojan blamed for NBC News Twitter hack.