
Last Updated on September 11, 2011

As was easily predictable, the 10th anniversary of 9/11 turned out to be too tempting an opportunity for unscrupulous hackers and cyber pranksters. The NBC News Twitter account (and its 130,000 followers) will probably remember this anniversary eve for a long time: late on Friday, September 9th, the account started to tweet false reports of a plane attack on Ground Zero.

Original Image by Naked Security

Although there were some misplaced details in the tweets, a few minutes later the company's Chief Digital Officer admitted the account had been hacked, asking followers not to retweet the bogus tweets.

The account was suspended and restored after a few minutes. The misplaced detail was The Script Kiddies, who claimed to have hacked the account; as you will probably remember, they are not new to such actions, since they had already hacked the FOX News political account on July 4th, 2011, announcing a bogus report of Mr. Obama's death.

This is not a coincidence: the hacker(s), a splinter cell of Anonymous and LulzSec, probably exploited the same (human?) vulnerability. The NBC News account is tightly controlled and only three NBC News executives have the password.

One of them, Ryan Osborn, the NBC director of social media, said he was monitoring the account at the time and noticed the bogus messages within seconds, also seeing that the password to NBC News’ Twitter account had been altered. He immediately contacted Twitter, which shut the account down eight minutes after the tweets appeared.

But there is a further detail: despite the warnings about easily predictable 9/11 scams, Osborn said he recently received a suspicious email as Hurricane Irene was approaching New York. The email came from an unknown sender with the subject “Hurricane Alert” and the message:

Ryan, You need to get off Twitter immediately and protect your family from the hurricane. That is an order.

Osborn wrote back “I’m sorry. Who is this?” and the sender then replied:

I’m the girl next door

with an attachment. Osborn said he mistakenly clicked on the attachment and it contained a Christmas tree.

That click was probably fatal: it installed a Trojan keylogger on Osborn’s PC, which was used to steal the password.

The FBI is investigating the NBC News Twitter account hack, but one thing is clear: Twitter accounts are becoming a preferred target for this kind of hack. They make it possible to reach a wide audience in a few seconds, with the double result of quickly (and virally) spreading panic among followers and amplifying the echo (and visibility) of the attack. Moreover, there is no need to mount huge attacks to compromise the server infrastructure, since the entry point is human, and human defenses have proven to be much weaker and easier to penetrate (a simple email is enough) than digital defenses.

Last but not least, this is only the latest occurrence of an attack carried out via malicious attachments, which are being used for complex multilayered attacks (as in the case of the RSA breach) or simple questionable pranks (as in the case of NBC News or Fox News).

I miss the good old days when the threat via e-mail could be at most spam…
