Twitter hit by ‘sophisticated’ cyber attack

AFP/Washington

Twitter said on Friday it was hammered by a “sophisticated” cyber attack similar to those that recently hit major Western news outlets, and that the passwords of about 250,000 users were stolen.

“This attack was not the work of amateurs, and we do not believe it was an isolated incident,” Twitter information security director Bob Lord said in a blog post.

Lord referred to an “uptick in large-scale security attacks aimed at US technology and media companies” as he told of Twitter detecting attempts this week to get unauthorised access to data in the firm’s network.

The attack coincided with the revelation of several high-profile security breaches. The New York Times and The Wall Street Journal said this week that they had been hacked, and pointed to attackers from China.

Twitter did not confirm the source of the intrusion.

But Lord noted that “the attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked.”

He said that Twitter shut down a live attack as it was in process.

But cyber attackers may have gotten user names, e-mail addresses, passwords and other data.

As a precaution, Twitter invalidated passwords of accounts at issue and sent people e-mail messages telling them to create new passwords.

Twitter announced in December that the number of active users of the service had topped 200mn, in a sign of soaring growth.

The one-to-many messaging platform is a popular tool used by people around the world to share thoughts, views and news in real time, typically from mobile phones and sometimes in the heart of protests or upheaval.

It was unknown whether the cyber attack on San Francisco-based Twitter was related to high-powered hacker assaults on the Times and the Journal.

The recent series of brazen cyber attacks on America’s most high-profile media outlets has revived concerns over Chinese hackers, who analysts say are likely linked to the secretive Beijing government.

The Times and the Journal reported that their computer networks had been compromised, alleging it was an effort by the Chinese government to spy on news media operating in the country.

US Secretary of State Hillary Clinton said on Thursday that there has been an increase in hacking attacks on both state institutions and private companies.

“The breach at Twitter is yet another wake up call - have we had enough yet?” said Mike Lloyd, chief technology officer at security firm RedSeal Networks.

“Attackers are clearly a step ahead of most defenders - it’s a war between corporations and data thieves, and we’re losing.”

* A Dutch man was sentenced to 12 years in a US prison on Friday for being an online “broker” for credit card numbers stolen in a computer hacking conspiracy.

David Schrooten struck a plea bargain in federal court in Seattle after being extradited from Romania for his role in a computer hacking and credit card fraud scheme, prosecutors said.

Schrooten, known as “Fortezza” in the hacker world, pleaded guilty in November to criminal charges related to hacking, bank fraud, and identity theft, according to Western District of Washington US Attorney Jenny Durkan.

“By trafficking over 100,000 credit card numbers stolen by hackers, this defendant helped create the profitable black market for stolen data,” Durkan said in a release.

The Washington Post disclosed yesterday that it had suffered a cyber attack and suspects Chinese hackers were behind it, joining Twitter and major US media outlets that have endured intrusions.

The Post said in a front page story that the attack was detected in 2011. It said Post company officials would not comment on the circumstances, duration of the intrusion or apparent origin of the online attack.

The paper quoted Post spokeswoman Kris Coratti as saying the paper worked with a security company to detect, investigate and resolve the situation “promptly” at the end of 2011.

“We have a number of security measures in place to guard against cyberattacks on an ongoing basis,” Coratti was quoted as saying.

The attack coincided with the revelation of several high-profile security breaches.

The New York Times and The Wall Street Journal said earlier this week that they had been hacked, and pointed to attackers from China.

The two dailies accused Chinese hackers of targeting their computers in an apparent effort to spy on journalists covering China.