Twitter urges news media to improve security

Twitter is urging news organisations to improve security amid attacks by Syrian hackers targeting western media groups

Twitter is urging news organisations to improve security amid attacks by Syrian hackers targeting western media groups.

The call comes after the Syrian Electronic Army (SEA) hacked into several Guardian twitter accounts in the latest in a series of attacks in support of Syrian president Bashar al-Assad’s government.

The group, believed to be a front for the al-Assad government, previously targeted the BBC, al Jazeera, France 24 TV, US National Public Radio and the Associated Press news agency.

Analysts said the latest cyber attacks seem to concentrate on western media organisations to generate publicity.

In March, the SEA hacked into the Twitter accounts associated with BBC weather, BBC Arabic Online and BBC Radio Ulster and posted some pro-Syrian and anti-Israeli tweets.

The breach of the Associated Press Twitter account enabled the SEA to send bogus messages about explosions at the White House that caused a brief 143-point drop on the Dow Jones industrial average.

Read more about two-factor authentication

Twitter has responded by sending an email to news organisations about improving security measures, including using stronger passwords and using a dedicated PC for Twitter to limit malware infection.

Twitter also encouraged organisations to have a closer relationship with the micro-blogging service to ensure account details are kept up to date, according to the BBC.

Twitter also appears to be taking some action to improve protection for users, with recent reports that Twitter is testing a two-factor authentication system internally, aimed at making it more difficult for hackers to take over users’ accounts.

News of Twitter’s plans to bolster security with two-factor authentication first emerged in February, after the micro-blogging service was forced to reset 250,000 account passwords after a system breach.

The planned security system requires users to enter a one-time password (OTP) sent to their mobile phones whenever they log in from a computer or device they do not normally use.

Read more on Privacy and data protection