The Washington Post

Protect yourself from Syrian hackers on Twitter

On Tuesday, hackers demonstrated how easy it is to take over a key Twitter account when they took over an Associated Press feed and tweeted that President Obama had been injured in an explosion. The group claiming credit for the attack, as well as other recent hacks, identifies itself as the Syrian Electronic Army, which supports the Syrian government,

When the phony AP tweet posted, the stock market reacted immediately, and prices plummeted for a moment until the newswire alerted on the hack:

The tweet popped up on traders’ screens shortly after 1 p.m. The AP used social media, its Web site and its corporate blog to announce that its Twitter account had been hacked. The company said it was investigating the matter with Twitter, and the White House weighed in to calm nerves.

“The president is fine,” White House spokesman Jay Carney said. “I was just with him.”

But in the investing world, where super-high-speed computer trades dominate the market, the reassurances did not come quickly enough to prevent momentary chaos. The Dow Jones industrial average fell more than 100 points between 1:08 p.m. and 1:10 pm. (Read the complete article here.)

On the day before the AP hack, World Views’ Max Fisher wrote about other attacks claimed by the Syrian Electronic Army:

Last week, they hacked into National Public Radio’s site and its Twitter feeds, criticizing NPR’s coverage of the Syrian civil war.

On Saturday, hackers identifying as members of the Syrian Electronic Army defaced four Twitter accounts owned by CBS News, including the “60 Minutes” account, which had 320,000 followers until it was disabled by Twitter in apparent response to the hacks. The messages were among some of the pro-Assad hackers’ most elaborate, a long string of messages that accused the United States of supporting terrorism in Syria as part of a larger plot to impose a one-world government.

Last month, the group took responsibility for defacing the Web site of Human Rights Watch in retaliation for the organization’s reports on the Syrian government’s abuses. Fisher asked in a Tuesday post whether such vandalism should be considered an act of aggression:

What if the hackers had been smart enough to simultaneously hijack multiple news organizations’ Twitter feeds, sustaining the fiction from seconds to minutes? It’s not as outlandish as it sounds; multiple news organizations have been hit by the Syrian Electronic Army in recent weeks. . .

A recent study, commissioned by NATO, argued that any cyberattack that causes real-world physical property damage or death would merit a military retaliation. So, based on that definition, a temporary stock market dip would certainly not seem to rise to the level of demanding a real-world military [response] as a terrorist attack might.

Tuesday’s hackers appear to have gained access to the AP account using a phishing scam, the wire service reports. The Washington Post’s Hayley Tsukayama offers suggestions on how to protect your identity on Twitter :

If you get an e-mail from Twitter that says there’s a problem with your account or that it has been hacked, immediately delete the e-mail, head to and change your password. If it’s a genuine e-mail from Twitter, you’re doing exactly what you should in that situation. If it’s a phishing attempt, you’ve just made it more difficult for hackers to take over your account.

Never click on links in those e-mails, and never reply with an e-mail that includes your username and password. Like most reputable online services, Twitter won’t ask you to share your login information through e-mail.

(Read the rest of the article here.)

Sign up today to receive #thecircuit, a daily roundup of the latest tech policy news from Washington and how it is shaping business, entertainment and science.

Max Ehrenfreund writes for Wonkblog and compiles Wonkbook, a daily policy newsletter. You can subscribe here. Before joining The Washington Post, Ehrenfreund wrote for the Washington Monthly and The Sacramento Bee.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Video curated for you.

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.