You may have heard about how the Free Syrian Army hacked some of CNN’s social media accounts and blogs last week. In Mashable reporter Lorenzo Franceschi-Bicchierai’s piece on the attack, he actually gets to interview the hackers themselves. Pretty cool stuff. The result is a fascinating look behind the scenes at how hacking actually works. It also serves as a good primer in social media security for media companies. From the article:
One CNN employee fell for the first wave of phishing emails, revealing his password on the fake login page. Th3 Pr0 and The Shadow then had access to his Hootsuite account, which was linked to various CNN social-media accounts and even his CNN WordPress account. This breakthrough gave them the power to post on multiple Twitter accounts, and even publish fake news on CNN.com. Mashable has seen screenshots of the compromised accounts, and a source with knowledge of the attack confirmed they were legitimate.
After taking control of the passwords of six CNN employees, the hackers began sending a second wave of phishing emails, this time using the victims’ real email accounts. The emails warned of an attack, and asked recipients to change their passwords to avoid further hacks; it was a clever attempt to harvest more logins and passwords.
Read the whole thing here.