A group calling itself “The Script Kiddies” hacked USA Today’s Twitter account this weekend and used it to solicit requests for future targets and even to promote its own Facebook page. Although this recent hack seems like more of a childish prank, this group is being taken seriously by the FBI due to its earlier hacks involving false terrorism claims posted to NBC’s Twitter account.
Just days before this year’s anniversary of 9/11, The Script Kiddies posted news that Ground Zero was attacked to @nbcnews, demonstrating a callousness for human tragedy that was seriously disturbing.
Now the group is back in action, taunting Twitter, stroking their egos and asking for your support on Facebook.
One of the tweets pointed to the @script_kiddiez_ Twitter account, which now appears to be suspended. USA Today is also back in control of its account, and has posted an apology.
In addition, the hackers claimed responsibility for other hacks, including Fox News (our coverage), Walmart, Unilevel (Unilever?) and Pfizer, in addition to NBC and USA Today.
And yes, they do have a Facebook page with 16 likes so far. (I wouldn’t recommend a visit…you never know).
According to security expert Graham Cluley, it’s possible that the new USA Today hack involved a spyware Trojan horse, like the earlier NBC hack did. For the NBC hack, NBC News’s director of social media Ryan Osborn could have received a Trojan horse containing a keylogger via email, which then captured passwords as they were typed into his computer.
The relatively unsophisticated nature of the hacks – emailed spyware – could be the reason for the hacking group’s name. “Script kiddie” is a derogatory term in the hacker community that refers to those who use hacking tools and programs written by others to attack systems or deface websites.
Despite the simplistic nature of the technology involved in the hacks, they certainly are effective. Although Twitter has been good about responding quickly to breaches like this when they occur, it’s well past time for the social network to offer increased protections similar to those Facebook offers today.
On Facebook, accounts can be protected through additional authentication mechanisms, alerts, login approvals and even proactive suspensions of comprised accounts. Twitter, meanwhile, is constantly on cleanup duty.
Image credit, Twitter: Sophos