Site icon Sophos News

Hijackers DM @realDonaldTrump from former Fox News hosts’ accounts

The Twitter accounts of two former Fox News hosts were hijacked on Tuesday by somebody or somebodies who filled their feeds with propaganda supporting Turkey’s controversial president, Recep Tayyip Erdoğan.
The accounts, which belong to Eric Bolling and Greta Van Susteren, were restored within a few hours, but not before alert Twitter users grabbed screen captures.

As one Twitter user pointed out, the connection between the two journalists is that they’re two of only 45 accounts followed by US President Donald Trump. This tweet captures direct messages the hackers sent to @realDonaldTrump from Van Susteren’s account:

This direct message sent from Van Susteren’s account asks Trump to share a propaganda video from his personal account:

The Huffington Post translated one of the propaganda posts that was written in Turkish. It read:

You are hacked by the Turkish cyber army Ayyildiz Tim! We got your DM correspondence! We will show you the power of the Turk!

Another, written in English, from the hijacked Van Susteren account:

We love the Turks and Muslims in the world. We condemn those who persecute them, especially in the United States, and we share their suffering . We love turkish soldiers, we love Erdogan, we love Turkey.

While they still had control of the accounts, the hackers also posted a screenshot of what appeared to be Bolling’s direct messages.
The two had their accounts back by Tuesday night:

Make sure you’re not next

Mr. Bolling, Ms. Van Susteren, I’m sure it won’t be much consolation, but you’ve just joined the who’s who of hijacked Twitter accounts. We’ve printed it before, but here’s an updated list that includes these big names:

As we’ve noted in the past, there are plenty of ways to have your Twitter account hijacked:

Of course, Twitter accounts of high-visibility targets – businesses, celebrities or big brands such as Fox News – are particularly tempting to hijackers. Most particularly when they’re on the small list of 45 people who can direct message the POTUS!
Twitter has attempted to make it safer to have one of those tempting, highly targeted accounts.
In 2015, the company introduced a feature called TweetDeck Teams that lets users share Twitter accounts without having to share passwords. Twitter added the feature to TweetDeck, the account managing software it picked up in 2011.
The tool also makes it possible for anyone sharing an account to use Twitter’s two-factor authentication (2FA), or what it calls “login verification”.
That will send a one-time login code to a user’s phone that they need to enter in addition to a username and password. It’s another layer of protection against would-be account hijackers, since they’d need not only your login credentials but also your phone to take over your feed.
There have been multiple high-profile hijacking victims who’ve admitted that 2FA might have helped them avoid the nightmare of having their accounts taken over, their data wiped and/or vicious content posted on their Twitter accounts: technology reporter Mat Honan said as much after he had all of the data wiped from his iPhone, iPad and MacBook and had his Gmail and Twitter accounts hijacked.
But it’s worth noting that 2FA hasn’t been enough to stop some determined attackers. Naoki Hiroshima, a software developer and the rightful owner of the valuable @N Twitter handle, credits 2FA with probably preventing an attacker from logging into his PayPal account. But 2FA didn’t keep the attacker from socially engineering and extorting his @N handle away.
Nor did it help DeRay Mckesson, whose account was whisked out from under him by somebody using just his name and the last four digits of his taxpayer ID.

Protect yourself

While there are a few exceptions like those above, there are heaven knows how many more hijackings that have been stopped by 2FA, so turn it on whenever and wherever you can.
All accounts should be secured with passwords that are tough as nails, be they for celebs, politicians, Twitter execs, or plain old civilians. Here’s our short, sweet video on how to hammer out a good set of nails for your accounts:

(No video? Watch on YouTube. No audio? Click on the [CC] icon for subtitles.)


Exit mobile version