News Column

First, Burger King is Hit, then Jeep in Social Media Attack

February 20, 2013

Brent Snavely and Nathan Bomey

Hackers dragged Jeep's name through the mud, splattering profanity and wreaking cyber havoc on the brand's Twitter account for more than an hour Tuesday.

In tweets that began shortly after 1 p.m. the Jeep logo on Twitter was swapped with a Cadillac logo and tweets implying drug use by company executives were published online.

It was the latest in a wave of social media mischief. Burger King reported Monday that someone hacked its Twitter account, changing its profile picture to a McDonald's logo and spewing inappropriate tweets similar to those found on Jeep's account.

Separately, Mandiant, an American computer-security firm, released a detailed report Tuesday linking China's People's Liberation Army to cyber-attacks on American corporations, organizations and government agencies.

"Security is so incredibly hard and all it takes is one little weak spot to compromise the whole chain," said Rob Malan, an information security expert and cofounder of Ann Arbor-based Arbor Networks.

Fortunately for Jeep and its parent Chrysler, the hackers disrupted no core operations. Production of vehicles, engines and transmissions continued uninterrupted.

The hacker also posted a racial slur to the social media page before Jeep regained control of the account and deleted the tweets shortly before 3 p.m.

Gizmodo, a technology blog, speculated Tuesday about the identity of the hacker as a DJ from New England but the Free Press could not confirm that report.

The Jeep Twitter account is managed by Ignite Social Media, a company with offices in Birmingham and Cary, N.C.

Ignite could not be reached for comment. However, the company commented on Burger King's crisis in a blog posted Tuesday.

"After a few hackers 'Had it their way' with Burger King's Twitter handle, we started thinking that password security is a big deal," the company said on its website in a blog titled "9 Tips for Greater Social Media Security."

Ignite advises companies to change their passwords at least once every three months.

Twitter did not respond to an e-mail from the Free Press asking about its security policies.

"We do feel we reacted instantly and regained control of the account as quickly as Twitter's processes allowed," said Ed Garsten, a Chrysler spokesman. "Online security is always a concern and we'll take measures to make it more difficult to hack into our accounts."

For brands like Jeep, hackers can put the brand's reputation at risk, if only temporarily. For example, the hacker used the Jeep account Tuesday to post a link to a photo of a bottle of prescription-only pills. Some of the tweets would have been regarded as offensive by some followers.

"We got sold to @Cadillac because we caught our employees doing these in the bathroom," one message read, with a link to a photo of a bottle of prescription-only pills.

A General Motors spokeswoman said on Twitter that Cadillac was not responsible for the Jeep hacking incident.

Charlie Wollborg, founding partner of marketing firm Curve Detroit, said Jeep's hacking incident is not surprising. What's important, he said, is how the brand responds.

"You need to know what the contingency plan is," Wollborg said. "It's disaster planning just like you have fire planning, flood insurance. What's our protocol? If we get hacked, this is what we do."

On Monday, when Burger King's twitter account was hacked, it took the company hours to regain control and return the account to normal.

Jeep was alerted quickly by several of its Twitter followers.

"Respond smart, respond on brand, make sure your actions are appropriate and make sure your voice is appropriate," Wollborg said. "It's not the end of the world. These things are going to happen."

Sometimes the attention generates its own benefit. By 6 p.m. Tuesday, Jeep had 106,684 followers, up from about 104,000 when the hacking was first noticed.

Chrysler, through its corporate Twitter account, responded by saying, "Thanks for all the heads-up on one of our brand accounts. The team is on it. It's good so many of you have our back!"

While Jeep appears to have emerged relatively unscathed, corporate security experts have argued that simple passwords are easy to swipe. For example, employees accessing a public network may be putting their personal information at risk.

"It could be somebody posting from a mobile device from a coffee shop or something," Arbor Networks' Malan said. "A lot of times it's just inside information that's captured and exploited by a small group of people."

More Details: 5 ways your password can get stolen 5 ways to protect yourself online

1. It was too simple or predictable. Don't use a simple password like "abc123" or "password."

2. You accessed an unsecure public network. Hackers can easily swipe your personal information this way.

3. Your password was changed. With a few Google searches, hackers can sometimes find access to personal information such as your birthplace and authorize a password change.

4. Clicking on a suspicious link. Hackers implant tools into nefarious links that, when clicked on, give the hacker access to your information.

5. Using the same password for different accounts. This is not advised because once a hacker has control of one account, it's easy to quickly gain access to your other accounts.

1. Install virus-monitoring software.

2. Create secure passwords using a combination of characters, capitalization and numbers. Consider using a password-generator tool.

3. Change your passwords often.

4. Consider two-factor authentication, which requires you to use two devices, including a smartphone, to authorize a password change.

5. Don't click on any suspicious links. They can give hackers access to your account.

For more stories covering the world of technology, please see HispanicBusiness' Tech Channel

Source: (c) 2013 the Detroit Free Press. Distributed by MCT Information Services

Story Tools Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters