Newsweek Twitter hack is a sign of the times

Account compromises are likely to continue unless businesses get smarter about security

Newsweek's page as it appeared on Twitter after it was hacked.

Newsweek's page as it appeared on Twitter after it was hacked.

The Twitter accounts of two more companies -- Newsweek and the International Business Times -- were compromised on Tuesday, showing Twitter's attractiveness to hackers despite its cybersecurity features.

The @Newsweek account was hacked at 10:45 a.m. Eastern time by a group identifying itself as the "Cyber Caliphate," claiming affiliation with the militant group known as ISIS or the Islamic State.

The account, which has more than 2.5 million followers, was compromised for nearly 15 minutes, during which time messages were tweeted threatening First Lady Michelle Obama and praising "cyber jihad," according to an account of the incident published by Newsweek. The account's profile picture and banner were changed to images of a masked man and the Black Standard flag typically flown by ISIS.

Also, ibtimes.com, the website of the International Business Times, was apparently hacked by the same group, Newsweek said. Newsweek and the International Business Times share a parent company, IBT Media.

The rate at which established companies, media outlets and public figures get hacked on Twitter is becoming exasperatingly high. The Twitter account of the U.S. Central Command, a top military security unit, was hacked last month, also by ISIS sympathizers. The Twitter and Instagram accounts of singer Taylor Swift have also been compromised.

Later on Tuesday, the Twitter account of the company's own chief financial officer, Anthony Noto, might have been hacked, as it sent out spammy tweets. A Twitter spokesman declined to say whether the account had actually been hacked, though he pointed to this explainer on compromised accounts.

Any social media account is at risk of getting compromised, but attackers see immense value in taking over a Twitter account because of the site's public-facing nature. These types of incidents, especially on Twitter, are likely to continue unless businesses and individuals adopt smarter measures for how they secure their accounts.

Hackers use a variety of methods to break into accounts, but two strategies in particular stand out: brute force and phishing. For brute force, there are password-cracking tools online that allow attackers to sort through a dictionary and guess the password. The attacker can set up the system in the cloud and program it to make password guesses gradually, for example over a period of weeks or months, and from different IP addresses, so that the site in question does not lock them out, said Ian Amit, vice president of ZeroFOX, a cybersecurity company that monitors suspicious activity on social media.

Phishing attacks trick account holders into entering login credentials through an email that appears to be coming from a particular site, but is not.

Security experts often advise people to choose lengthy passwords and use two-factor authentication when it is offered by a site. Two-factor authentication technology prompts users to enter a special code, usually sent to their personal mobile devices, when they log in. Many online services like Google and Facebook offer it, with Twitter rolling it out in 2013.

Two-factor authentication is easy enough when you're the only person using an account, because the code is sent to your own phone. But it's trickier to employ for a business account to which multiple employees, using different phones, have access.

In this case, businesses should consider using a centralized dashboard application, like Hootsuite or GroupTweet, to manage their Twitter account, said Amit of ZeroFOX. Pick a complicated password to log in to Twitter via the centralized app. From there, a business can give permission for individual employees to access the company account using two-factor logins.

Also, companies should take a wider look at their online presence across social media, Amit said. If the CEO (or CFO) has a weak password and does not use two-factor authentication for a personal account, that might present an easy target for hackers, who could then spread misinformation or access other accounts to which the executives have access.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is zach_miners@idg.com

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Internet-based applications and servicesNewsweeksecurityDesktop securitysocial networkingtwittersocial mediainternet

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Zach Miners

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?