Entrust CEO: Two-factor may not be enough for Twitter
01 August, 2013
category: Corporate, Digital ID
The official Twitter account for Thomson Reuters was hacked in late July, making the news agency the latest in a long line of accounts compromised by the Syrian Electronic Army (SEA). The hack resulted in the posting of seven cartoon images showing clear support for Syrian president Bashar al-Assad, before the account was officially suspended 35 minutes later.
This is not the first such hack conducted by the Syrian Electronic Army; in fact, Thomson Reuters is just the latest global media outlet to be targeted by the SEA’s campaign. Accounts for The Guardian, Associated Press and CBS were all hacked in April, with the Financial Times and Daily Telegraph experiencing similar attacks in May and Agence France-Presse in February.
“Not all social media identities are created equal,” says Entrust President and CEO Bill Conner. “Those with a material impact such as corporate accounts, government entities and public utilities should be held to a higher security standard.”
In the wake of the account hacks, Twitter officials have been working with media firms to better safeguard their accounts, with measures including a rapid-response tool that can suspend accounts until the hackers are locked out. It is this teamwork between Twitter and its high-profile users that Conner believes to be key in the anti-hacking effort.
“Now that Twitter has launched an offering that account holders can opt in to, it is the mutual responsibility of these high-profile Twitter account holders to take advantage of this security offering,” says Conner.
As Conner sees it, however, increased security – if not done properly – could prove counterproductive to what Twitter represents. “Twitter is all about instantaneous communication, and the reality is, requiring a one-time password as second-factor authentication could diminish Twitter’s current effectiveness and usability,” explains Conner. “Implementing strong, transparent authentication achieves the balance of security and desired end-user experience.”
One simple reality remains: Twitter – as both a social network and news media outlet – is growing more by the day and is here to stay, meaning interest from groups like the SEA will also remain constant. The answer, then, may be to glean inspiration from other security-conscious operations.
“As Twitter and other critical services grow in their market impact, threats and exploits will increase in volume and sophistication,” explains Conner. “Guidance can be taken from security-conscious institutions such as banks and governments that leverage digital certificates and mobile devices for a layered approach that secures user accounts, authenticates applications and defeats advanced malware-based session-riding attacks.”
For the results of the Reuters hack, see the Atlantic Wire’s write-up here.