Back in August, I wrote about the surge of attacks perpetrated by the Syrian Electronic Army. That month, the hacker collective commandeered the websites and social media accounts of several prominent media outlets, launching themselves into the national conversation and solidifying the group as a legitimate and dangerous threat to cyber security. When the possibility of U.S.-led ground war in Syria emerged, and the SEA began lobbing retaliatory threats at the American government, Aveksa CEO Vick Vaishnavi postulated in Forbes that the trend of state-sponsored cyber terrorism might one day lead to modern warfare being waged digitally. But then military action was averted and online accounts were reclaimed, and the SEA appeared to have had slunk back into whatever super-computer laden hole they crawled out of, only sporadically launching smaller, less noteworthy attacks.
Well, until a few weeks ago anyways.
Following the announcement of their nominees for the annual “Person of the Year” issue, Time’s Twitter account was usurped by the SEA. Allegedly upset that the news magazine described Syrian President Bashar al-Assad as a ruler who “presided over a bloody year, shrugging off international concerns over the use of chemical weapons as the death toll of his country’s civil war eclipsed 1,000,” the SEA tweeted from the compromised account: Syrian Electronic Army was here via @Official_SEA16. Next time write a better word about the Syrian president #SEA.
Aside from the fact the Tweet reads more like it belongs scrawled across the stall door in high school men’s bathroom than the coming-out declarations of a formidable enemy, it’s disconcerting just how easily the SEA can spread their message at the expense of the American media elite. This is now the second instance in which Time has fell victim. After the first breach, it would have been reasonable to assume that the news magazine would make an effort to beef up their digital parameters. But they didn’t. If the SEA is the punk repeatedly graffiti-ing the school’s toilets than Time is the apathetic administration refusing to adopt sign-in sheets.
If this all seems trivial, it’s not. Twitter, for good or bad, has become the world’s primary source of instantaneous news, and when journalism has devolved to the point where being first is more important than being right, the spread of misinformation is pervasive and can be very, very dangerous.
In April of this past year, the SEA hijacked the Twitter account of the Associated Press. Within in minutes, they Tweeted that the White House had been bombed and President Barack Obama had been injured. Naturally, there was an outpouring of concern and panic, and the stock market dropped 150 points. The resulting chaos wasn’t quite War of the Worlds level hysteria, the error was corrected quickly, but still, it’s not hard to imagine the devastating impact of a scaled-up misinformation campaign.
If read my previous article, you know that most of the attacks were the consequences of the SEA seizing user access data and then using it to hijack social media accounts and websites. Maybe it’s time the old dogs of journalism consider an Identity and Access Management (IAM) solution.