April 25, 2013
Twitter Associated Press Hack - Stop Blaming Social Media
Written by
David Kennedy
If you haven't seen the headlines, you may read "TWITTER HACKED - ASSOCIATED PRESS TWEETS WHITE HOUSE BOMBING" or "AP Twitter Account Hacked". The headlines are much different from what actually happened. The attack method was the same one that is hitting everyone right now - spear phishing. An Associated Press employee was targeted and clicked on a malicious link, which allowed access to the Twitter account. It was sensationalized due to the major impact it had, dropping the stock market 150 points and causing a brief panic. This does show how powerful social media and other news avenues can be, but it also shows what instant news has created in our culture. The response from the news outlets was expected and normal; however, the response from the security community was quite different from what I would expect to be normal.
Most security companies called for Twitter to increase security in their services and said that although it wasn't Twitter's fault in any respect - it was still somehow their fault. What I enjoyed the most was watching services spawn from the mayhem and cause even more fear for those using social media. Having two-factor authentication on Twitter would be an awesome step in helping companies that can't protect themselves from getting hacked. At the end of the day, it wasn't a vulnerability in Twitter - it wasn't SQL Injection or Cross-Site Scripting, or a buffer overflow. It was a human clicking on something that looked believable and ended up compromising their own company's computer.
Social media is fine the way it is. The mass worms and crazy holes in Facebook and Twitter just aren't there anymore in volume. The focus has to be on putting a little effort into our users and employees. You can't simply put up products to protect them, but need to educate and enable them. Social media makes it possible to get to people but doesn't cause the exposure. Fix people, educate them, train them, and put defenses around them. That alone can be the solution.
Twitter - hats off for saying you will step up on the security side of the house even though you didn't need to. Keep up the good work.
Signed
-Happy Twitter Customers
@TrustedSec
@Dave_ReL1K
@DerbyCon
@Nick8CH
@Spoonman1091
@MrsReL1K