Until Media Cares About Its Security, Hackers Will Still Steal Passwords
In security and war, you’re only as strong as your weakest link. And in the media industry, we’ve got quite a few weak links.
It should be entirely self-evident by now; over the past year, we’ve seen hacks on some of the biggest media outlets in the world, from the New York Times to the Guardian. And apparently, it’s all our fault.
“In media, security is not a priority,” Tom Cochran, chief technology officer for Atlantic Media, said during a session at the South By Southwest conference in Austin, Texas, this week. It’s something of an afterthought, with employees using duplicate passwords across their various accounts. Or, worse, we’ll use stupidly easy passwords to guess, like “12345” or “password.” (Yes, people actually still do this.)
In a test of his organization’s bad security habits, Cochran sent out an email containing a link that asked employees for their passwords, a popular hacker “phishing” technique. A staggering 30 percent of the people in the company clicked on the link inside the email.
That’s the point at which the Syrian Electronic Army usually comes in and makes its mark. For the past year, the anonymous hacker collective has made a habit of phishing for passwords from media organizations, then breaking into the official Twitter or Facebook accounts and spreading pro-Bashar al-Assad messages while decrying protest groups (as well as U.S. President Barack Obama).
One hack on the Associated Press briefly sent the Dow Jones Industrial Average plummeting about 130 points, after a false tweet claimed Obama had been injured in an attack on the White House.
The takeaway for Cochran here is important: Hackers like the SEA will always be out there, ready to mess with consumers for fun (or “the lulz,” as it were). It’s up to users to keep themselves safe by practicing good password hygiene (by using multiple passwords across accounts) and never clicking on suspect links and giving up their information willy-nilly.
It’s also, in part, up to the organization to update its security practices company-wide. Per Cochran, the Atlantic Media company now mandates two-factor authentication — an extra layer of security — across all of its services.
And after Forbes Magazine was hacked just a few weeks ago, staff writer Parmy Olson said the keys to the various social media accounts for the company were taken away from some of the people who had them across the brand (when I worked for Forbes years ago, even I had the keys to the Twitter account). Forbes, too, implemented two-factor authentication.
Good advice, and in this day in age, I’d call it table stakes. But good luck getting thousands of employees in large media orgs — some of whom are more tech-savvy than others — to get with the program, especially when it’s far more convenient to use one simple, easily memorized password.
In other words, don’t expect the lulz to end any time soon.
More Articles About South By Southwest 2014
- Austin, Back-Channeled: This Year’s Big SXSW Apps Are All Hush-Hush
- Big Media Comes to SXSW for Buzz – and to Bring SXSW Everywhere Else
- Scenes From South By: The Blockbuster Newsweek Party That Wasn’t
- Julian Assange Warns SXSW of “Military Occupation of the Internet Space”
- Danah Boyd Has a Message for Adults About Teen Behavior Online: It’s All Your Fault
- What’s the Latest Secret About Secret? Anonymous Not Good but Nip Slips Okay!
- Google Pledges to Help Developers With Wearable Devices
- 23andMe’s Wojcicki Admits FDA Decision Was a Blow, Defends Role as Health Information Provider
- At SXSW, Hipsters in the Mist and Movies Are Kickstarted for Mars
- ESPN’s Bill Simmons on ESPN’s Nate Silver, Being a Boss, and Building His Site
- Edward Snowden’s Virtual Address at SXSW
- In Which Re/code Is Faked Out Once Again by the Old Shaq by Southwest Trick
- The Harder Side of SXSW: 3-D Printed Candy & Robot Ostriches
- Beyond the Hype: Wearables Face Issue of Value, Retention
- Snowden Calls on Tech Companies to Create More Secure Products
- Re/code@SXSW: 7-Eleven Pizza Nom Nom Nom
- A Bacon-Scented Alarm Clock, 3-D-Printed Oreos and Soylent Is Not People (Yet!)
- Jimmy Kimmel on Fake Viral Videos, Real Money and the Future of TV
- Until Media Cares About Its Security, Hackers Will Still Steal Passwords
- #PuppyHour and Reality TV Recruitment: Poster Children of SXSW
- Our First Tinder Date Was at the Yahoo Party: A Last Look Back at SXSW