April 25, 2013 – Associated Press hack attack – what it means to you

On Tuesday, the Twitter account of the Associated Press (AP) was hacked and a phony message describing a terrorist attack on the White House was sent out to the close to two million followers of AP’s Twitter account. Immediately thereafter the Dow Jones Industrial Average lost 140 points as computerized program trading reacted automatically to the news without any verification of the truth of the report. The phony tweet was corrected within minutes and the market recovered just as quickly as it went down; however, the problem exposed by this hacking still remains. In May of 2010 the Dow Jones Industrial Average quickly lost almost 1,000 points due to a glitch in the computerized trading programs used on Wall Street. The problems with computerized program trading, which automatically orders trades in response to perceived information, are quite significant.

However, another problem is the hacking of the sources of our information. The AP hacking is only the most recent hacking of a major provider of information. Just last week the CBS news programs “60 Minutes” and “48 Hours” were hacked. NPR and the BBC also recently had their Twitter accounts hacked.

But it is not just the media that is being hacked. Hacking is a major problem for all companies. A recent study by Verizon indicated that 75% of last year’s hacks were done by criminals seeking financial gain. Sometimes the aim is to obtain trade secrets, but other times it is to steal information about customers to make them victims of identity theft. In 76% of the data breaches, according to the Verizon report, the hackers were able to exploit weak passwords. In 29% of the hacks, tactics such as “spear phishing” were used to install keystroke logging malware onto the hacked companies’ computers to steal their data. Spear phishing is a targeted phishing attack, often done through phony emails that contain the malware and purport to be from employees’ friends or the companies’ business partners.

TIPS

Neither government entities nor companies are doing what they need to do to properly protect their data from hacking. The Associated Press Twitter account should have been protected by two-factor authentication when logging in so that even if a password is obtained by a hacker, he still would not be able to access the account. Two-factor authentication requires not just a password, but also a code that is sent to a person’s cell phone. Some companies such as Apple already use this technique. The problem is that even if you and I do all we can to protect ourselves from identity theft, we are only as safe as the company or governmental agency with the worst security holding information about us. Therefore, you should try to limit as much as possible the places that hold your personal information, and we all should impress upon the government and private industry the absolute necessity for better data protection. The technology is available. It just has to be used.