Several BBC Twitter accounts, including its weather, Arabic and Radio Ulster feeds, were hijacked by a group calling itself the Syrian Electronic Army earlier.
A series of tweets about fake weather conditions in Middle Eastern countries began appearing on Thursday afternoon.
The accounts are the latest in a series of large corporate Twitter feeds to have been breached.
The BBC said that it now has control of all three accounts and all inappropriate content has been deleted.
A BBC spokeswoman said: "We apologise to our audiences that this unacceptable material appeared under the BBC's name."
The attacks began in the early afternoon on Thursday. At the same time, BBC staff were alerted to a phishing email that had been sent to some BBC email accounts. It is not yet clear if the two are related.
The email contained a link that, if clicked on, could expose password details.
The BBC weather Twitter feed, which has 60,000 followers, was among those affected.
Alongside the standard tweets from the weather feed, such as "last night was chilly", some more bizarre comments began emerging.
They included: "Saudi weather station down due to head-on collision with camel."
Another read: "Chaotic weather forecast for Lebanon as the government decides to distance itself from the Milky Way."
The group claiming responsibility has previously spread messages in support of Syrian President Bashar al-Assad.
The BBC's Arabic and Radio Ulster feeds were also affected.
Faris Couri, BBC Arabic's editor-in-chief, said in a statement: "Today at around 11.00GMT, BBC Arabic's Twitter account @BBCArabicOnline was hacked. Since then, several pro-Assad news tweets were published by the account.
"We strongly condemn such action and apologise to our audiences," he said.
Social engineering
The attacks on the BBC are the latest in a series of hacks on high-profile Twitter accounts.
Last month Burger King and Chrysler saw their Twitter feeds hijacked while a quarter of a million Twitter users had their passwords stolen.
"The BBC is an obvious place to attack as it is a trusted brand and so anyone who wishes to broadcast a message can reach an audience that are likely to pay attention, certainly initially," said Prof Alan Woodward from the department of computing at the University of Surrey.
"The most likely source of the hack is via social engineering - someone managing to elicit the password by fooling the user who keeps the password," he added.
Increasingly, experts are calling for Twitter to step up security and offer its users two-factor authentication, essentially a disposable, single-use password.
Writing about the hack on his blog, security consultant Graham Cluley said it was unclear how the password had been cracked.
"The good news is that the hack doesn't appear to have been done with the intention of spreading malicious links or scams. Instead, it appears that the Syrian Electronic Army are trying to spread political messages about Syria instead," he said.
"You should always use hard-to-guess, hard-to-crack, unique passwords for your online accounts that you are not using anywhere else on the web."