Social Media Compliance and Security in Spotlight after AP Twitter Feed Hacked

• By: Staff Editor
• Date: May 01, 2013

After the Associated Press Twitted feed was hacked by Syrian hackers and a false tweet about an attack on the White House broadcast to the world causing the Dow Jones index to plunge, both Wall Street regulators and IT security experts are looking into making social media channels more secure.

How the Hack Happened

The Syrian Electronic Army or SEA, a team of pro-Assad hackers, managed to hack the AP feed through “spear phishing”. CNBC reports that the hackers sent legit looking emails to those AP staff members who held sensitive data such as passwords to social media tools. The emails looked as though they came from trusted parties and one even had “a competitor's news story as bait.” The recipients clicked on a link in the email and allowed the hackers access to the AP’s Twitter feed, allowing the incorrect tweet to be posted.

The Associated Press is not the first major news organization to be hacked in this manner – the BBC, NPR, New York Times, The Guardian and The Wall Street Journal are just some of the many broadcasters and newspapers to experience hacker attacks in the past year by different groups with varying political ideologies and affiliations.

Reaction by Regulators
Wall Street regulators such as the Commodity Futures Trading Commission have been among the agencies to react to the hack by suggesting better regulatory oversight of social media posts. The CFTC didn’t offer specifics, but did suggest that those firms that are hacked be penalized for lack of proper security infrastructure and processes.

The CFTC also said that the incident highlighted the need to better regulate high-speed or automated trading.

IT Experts Suggest Better Security Measures

In the wake of this latest incident, IT experts have said that firms should adopt a number of measures to improve their security processes and infrastructure:

• More complex passwords – survey after survey has shown that users tend to use common passwords and easily guessed words. Most IT experts however tend to think that the time of passwords is over and new data security measures need to be considered. In this case, not even the most complex passwords would have protected the AP from being hacked due to the use of spear phishing
• Two-factor authentication – Social media channels such as Twitter do not as yet offer this, though there have been reports since the AP hack that it is being considered. Two-factor authentication requires users to provide a secondary form of ID.
• Biometric authentication – As technology relating to biometric authentication has improved dramatically and also won’t impede the work of media professionals who are highly pressed for time, this would possibly be the best tool to boost IT security.
   

The incident has proved that social media compliance and IT security are not just for high risk industries such as banking and finance but should be adopted across the board by other industry segments as well. To get a better idea of how to improve your organization’s social media compliance, read ComplianceOnline’s free white paper on the topic [registration required].