Copyright ©2010 NPR. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

AUDIE CORNISH, HOST:

From NPR News, this is ALL THINGS CONSIDERED. I'm Audie Cornish.

ROBERT SIEGEL, HOST:

And I'm Robert Siegel.

In recent weeks, NPR, the Associated Press, the BBC and Al-Jazeera have all had their Twitter accounts hijacked. Twitter has become a widely used communications platform. Last week, for instance, the Boston Police Department relied on its account to send updates to the world, so hacks of high-profile accounts have real world consequences. And as NPR's Steve Henn reports, security at Twitter is facing serious scrutiny.

STEVE HENN, BYLINE: Twitter has become a honey pot for hackers. It's so deliciously attractive, they can't seem to resist.

MARK RISHER: I think more than something about Twitter's security is the fact that it's so desirable as a platform because you get this instant, real-time access to a very, very large audience.

HENN: Mark Risher is the founder and CEO of Impermium. Risher's firm specializes in protecting social media accounts.

RISHER: It's very tempting. It's almost irresistible to these remote hackers who are able to operate from really anywhere in the world and just continue these deliberate, concerted efforts to break into specific accounts.

HENN: A successful hack on the right Twitter account can make news. Here's Bloomberg TV yesterday.

(SOUNDBITE OF BLOOMBERG TV BROADCAST)

UNIDENTIFIED MAN: AP's White House correspondent says their Twitter account was hacked. But the markets fell about 150 points for the Dow Jones Industrials in just seconds.

HENN: The Syrian Electronic Army claimed responsibility for the hack and posted a bogus message saying there had been an attack on the White House. Last week, the same group hacked into several of NPR's own accounts. The AP attacks began with a cleverly disguised email to staffers that included a malicious link.

RISHER: Phishing messages have become much more convincing and much more realistic than those old, you know, Nigerian oil minister who wants to give you $25 million dollars and maybe, most importantly, they're coming from reputable channels or at least...

HENN: ...look like they do. If hackers compromise a computer and either steal a Twitter password or trick someone into giving that password up, that's it. They're in. That's all it takes. And Scott Behrens at Neohapsis Labs says it's not just media companies that need to be concerned.

SCOTT BEHRENS: Imagine if an attacker compromised a Twitter feed for, say, a medical company and tweeted something about a new drug or a partnership. That could cause, once again, turmoil in the stock market.

HENN: There are some simple steps that could make attacks like these more difficult.

BEHRENS: There may be some room for Twitter to improve by adding additional technologies around logging in such as two-factor authentication.

HENN: If you are using two-factor ID, hackers who log in from an unknown location don't just need a stolen password. The hackers also need a one-time code sent by Twitter to, say, a cellphone or a secure e-mail address before they can get in. This approach isn't foolproof, but Twitter has hired engineers to begin rolling it out. Still, Scott Behrens says the primary responsibility for keeping social media accounts secure rests with the people and institutions that use them. And many need better passwords, better practices and better defenses against hackers. Steve Henn, NPR News, Silicon Valley.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.
