Back in April, agents of the Syrian Electronic Army
took control of the Associated Pressofficial Twitter account and punched out a single tweet.
“Breaking: Two Explosions in the White House and Barack Obama was injured”
The AP Corporate Communications account quickly tried to mitigate the damage, tweeting, “That is a bogus @AP tweet.”
The initial tweet cost the DOW 150 points, which it later recovered when the news was rectified. Nonetheless, it was a huge PR victory for SEA.
Kevin Mandia, CEO of Mandiant — the company that outed China’s super-secret military hacking unit — recently talked at a National Military Family Association event and explained exactly how the SEA breached the Associated Press twitter account.
“I just wanted to share with you the details of the attack, to see the ingenuity behind these people,” said Mandia, who got his start in Air Force signals intelligence.
“[First] they sent a spearfishing email to approximately 10 people at a media company,” said Mandia, referring to the Associated Press. “Spearfishing is a fake email, you’re purporting to be someone you’re not and the content is a ruse to getting someone to do something, click on a link or open a document.”
The email looked like a newsbreak from the United Nations, telling the reporters to check out an article from the Washington Post. Mandia notes that the hackers “did their homework,” and even used a name from a real person in the U.N.
Inside the email was a hyperlink that ostensibly led to the WaPo article. Instead, the url led to a site mirroring the login for Outlook, the email platform AP reporters use.
“To the unwitting victim, [they think] ‘oh I got an email from the United Nations about something, let me click on this link,’ and what they got was a new login back into their email, and their conclusion was, ‘hey I just got kicked out of my email,’ so they typed in their user ID and password and ‘logged back in’ to the email, but what they were really doing was giving the Syrian Electronic Army access to their email.”
“It took them less than 10 minutes to get the information,” Mandia said.
The journalists that fell for it quickly filled out the field’s like normal and clicked “login in,” which then sent the info to the hackers.
That’s how the SEA got the access codes to the official Twitter, but, as Mandia points out, they could have done much worse.
“The real problem with this isn’t that they tweeted something, it’s that they now know the contact list of all the Syrian rebels who are emailing western reporters,” said Mandia.
Mandia contends that the SEA is much more advanced than people think.
“Is that a non-fancy attack? Well … it worked, and it worked in less than 10 minutes,” said Mandia. As for the SEA’s M-O being media attacks, he thinks they’re capable of worse.
“Now imagine if we had attacked Syria, I think they’re rules of engagement would change,” said Mandia.
Business Insider Emails & Alerts
Site highlights each day to your inbox.