The FBI is investigating the hacking of the NBC News Twitter account by perpetrators who posted bogus information about the hijacking of a civilian airliner that supposedly crashed into Ground Zero in New York, officials said Friday night.
A posting on the NBC News Twitter profile accompanying the attack indicated the perpetrators may have been members of a new group of cyber pranksters known as "The Script Kiddies," whose main goal appears to be targeting mainstream news organizations.
The postings were swiftly taken down minutes after they appeared on the main NBC News Twitter account — a tightly controlled account for which only three NBC News executives have the password. Anchor Brian Williams read a statement on the NBC Nightly News Friday night disclosing the attack, adding that the network was "working with Twitter to correct the situation" and apologizing "for the scare that could have been caused by such a reckless and irresponsible act."
FBI officials confirmed Friday night that agents from the bureau's computer crimes unit were investigating the incident — the latest in a string of malicious cyber attacks on government and private companies. So far, bureau officials said, they are still gathering information from NBC and declined to discuss any suspects.
But, while committing the Friday afternoon attack, the perpetrators altered the NBC News Twitter profile to say they were from "The Script Kiddies," anonymous computer pranksters who recently split off from two better-known hacking collectives, "Anonymous" and "LulzSec," both of which have been the targets of aggressive FBI investigations.
A prime goal of "The Script Kiddies" appears to be attempting to embarrass news organizations. Just two months ago, the group took credit for a similarly malicious attack on the Fox News Twitter account, in which false information was posted about a fatal shooting of President Obama.
"This is a group that has been around for a few months," said Barrett Brown, a Dallas computer maven who has served as a spokesman for Anonymous in the past. "A lot of them don't like the mainstream media. But they could also just be doing this to get attention and increase their street cred."
'Easy' to infiltrate
A U.S. government official who specializes in computer security said the attack was one more example of just how vulnerable such accounts are to outside intruders. "The truth is it's relatively easy to get into these accounts," the official said.
The cyber hack on the NBC Twitter account — which has about 130,000 followers — seemed timed to spread maximum alarm, coming on the eve of the 10th anniversary of 9/11 and on the very day federal and local officials were ramping up security in response to a new terror threat from al-Qaida in Pakistan.
"Breaking News! Ground Zero has just been attacked. Flight 5736 has crashed into the site, suspected hijacking. more as the story develops," read the first message that appeared on the NBC News Twitter feed at 5:48 p.m. EDT.
A follow-up message four minutes later read: "Flight 4782 is not responding, suspected hijacking. One plane just hit Ground Zero site at 5:47."
Then, three minutes later: "This is not a joke. Ground Zero has just been attacked. We're attempting to get reporters on the scene."
A moment later another message appeared: "NBCNEWS hacked by The Script Kiddies."
Ryan Osborn, the NBC director of social media, said he was monitoring the account at the time and noticed the bogus messages within seconds — and that the password to NBC News' Twitter account had been altered. He immediately contacted Twitter, which shut the account down eight minutes after the tweets appeared.
A spokesman for Twitter declined comment Friday night, saying by email that as a matter of policy, it does not discuss individual user accounts. But at the time of the attack on Fox News, Twitter reportedly indicated that its own servers had not been broken into; instead, the email account associated with the specific Fox News Twitter feed had been compromised, and from there the hacker or hackers had been able to gain access.
The U.S. government official who specializes in cyber security said that a typical scenario for such an attack would be enticing a Twitter user — through a phony email — to download an attachment that contains a "keylogger Trojan" — a form of computer "malware" or virus that penetrates a computer and picks up the repetitive keystrokes of the user, allowing the hackers to figure out the passwords to the Twitter account.
Osborn, the NBC News social media director, said he recently received one such suspicious email as Hurricane Irene was approaching New York. The email came from an unknown sender with the subject "Hurricane Alert" and the message: "Ryan, You need to get off TWITTER immediately and protect your family from the hurricane. That is an order."
Osborn wrote back "I’m sorry. Who is this?" The sender then replied, "I’m the girl next door" with an attachment. Osborn said he mistakenly clicked on the attachment and it contained a Christmas tree.