Hacktivists take on 'Olympus Has Fallen' scare tactics style

One hacktivist group allegedly threatened to bomb the White House if we don't go to war with North Korea; another group hijacked AP tweets and caused a financial scare. Twitter is reportedly planning to implement two-factor authentication.

Twitter is a great place if you want news that is so red-hot off the press that the e-ink is still steaming. But with the likes of the Syrian Electronic Army hijacking Twitter accounts and tweeting disastrous fake news as if Olympus Has Fallen is a reality and not a movie, Twitter is finally going to implement two-factor authentication.

At the start of April, Bloomberg incorporated tweets into its financial terminals. After the fake AP Olympus Has Fallen-style tweet, Bloomberg reported that the FBI is investigating the AP Twitter account hack. Hijacking Twitter accounts has happened since people first started tweeting, yet disinformation sent via high-profile Twitter accounts seems to be one of the weapons of choice for hacktivists. The motives might be much more sinister than spreading disinformation. Slate's Moneybox suggested a person could "get rich hacking Twitter":

It makes you wonder if there isn't a profit-making opportunity out there in the realm of Twitter hacks. The Internet seems to spread both the rumor and the correction very quickly, and U.S. financial markets are deep and liquid enough to respond in a big way in real time.

The White House discredited the "errant tweet" minutes after the hack was discovered; White House spokesman Jay Carney told reporters, "The president is fine, I was just with him." Yet in the "two-minute span between 1:08 pm EDT and 1:10 pm EDT, just after the fake Tweet hit Twitter, the Dow Jones Industrial Average dropped 145 points." In fact, that one bogus tweet "sent markets down 1% in a matter of seconds." The Financial Post added, "The three-minute plunge briefly wiped out $136.5 billion of the S&P 500's value."

AP reporter Mike Baker tweeted, "The @AP hack came less than an hour after some of us received an impressively disguised phishing email." The warning about phishing attempts on AP's corporate email network started with "Some users are receiving emails that appear to have a link to a Reuters or Washington Post news story. This email is a phishing attempt that takes users to a bogus site requesting you to log on," according to jimromenesko.com, which has a copy of both the warning and phishing emails.

Syrian Electronic Army

Syrian Electronic Army hacktivists have been active since at least 2011. Twitter continues to ban SEA accounts, but the hacking group that supports Syrian President Bashar al-Assad simply creates more. In case you don't know, President Obama wants al-Assad out of power. A senior Israeli intelligence official "said the Assad regime has used chemical weapons against rebel forces." President Obama has warned "on a number of occasions that any use or movement of chemical weapons would be a red line that President Bashar al-Assad should not cross, at one point calling it a 'game changer'."

"Up until now, the Syrian Electronic Army has breached, on average, the Twitter accounts of one high-profile organization per week," reported Softpedia. "Over the past week, things seem to have changed." Over the weekend, 60 Minutes tweeted a stream of ridiculous "news" that was captured in screenshots before @CBSNews apologized for both @60Minutes and @48Hours tweets. The compromised @48Hours tweeted things like "General Dempsey calls for #Obama's arrest under new anti-terror laws #48hours." @CBSDenver was also spewing bogus news.

The Syrian Electronic Army took credit for hacking four CBS Twitter accounts, @FifaWorldCup, as well as hijacking NPR, the BBC, and the Human Rights Watch earlier this year. Last year the hacking group took credit for hacking Twitter accounts belonging to Reuters, Fox New Politics and NBC News, to name but a few.

Ultimatum: Declare war on North Korea or group would detonate 8 bombs at the White House

It gets weirder, more out of control, and increasingly more ominous. According to TMZ sources, the Syrian Electronic Army is "connected to the core" with the Exposed hacker group that claimed responsibility for Exposed.re; the site that leaked financial info about Michelle Obama, CIA Director John Brennan, Angelina Jolie and other celebrities. The Exposed group also claimed "responsibility for swatting Rihanna, Diddy, Ryan Seacrest, Justin Timberlake, Paris Hilton, Chris Brown, Tom Cruise and others."

Furthermore, TMZ reported that Exposed issued an "ultimatum to the U.S. Government -- either declare war on North Korea or they will detonate bombs at the White House." TMZ was told the group claimed that it "contacted authorities through 911 and threatened to detonate 8 devices around the White House perimeter if President Obama does not declare war within 24 hours."

Twitter to add two-factor authentication

As tweets spreading disinformation become increasingly dangerous, such as in the AP's tweet causing the market to plummet almost immediately, the pressure is on Twitter to step up security. On Monday, banking security firm Trusteer said it found "malicious software for sale designed to steal Twitter credentials from infected PCs, then instantly send out Tweets from that account to all of the account owners followers."

Google and Facebook have offered two-step authentication for years. Apple implemented the security feature in March, and Microsoft added two-factor authentication a week ago. Now it seems as if Twitter will too. According to Wired, Twitter is internally testing a two-step authentication system and hopes to incrementally roll it out to users soon. Yet Mark Risher, co-founder of Imperium, told the New York Times, "In the case of a phishing message, two-factor authentication would not eliminate the problem. There are ways to circumvent this. I could create a fake Web page for Twitter and ask you to enter your user credentials."

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

Copyright © 2013 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline