Attackers are taking advantage of the 10th anniversary of the World Trade Centre attacks to spread scareware
Nothing is sacred to scammers and online attackers, and the tenth anniversary of the 11 September, 2001 attacks appears to be no exception.
Malicious perpetrators took over the Twitter account belonging to NBC News and posted messages claiming a terrorist attack at Ground Zero in New York in the late afternoon of 9 September. Vivian Schiller, the digital officer at NBC News, posted on Twitter that the @nbcnews account had been hacked and that the offending messages should not be retweeted.
The posts claimed flight 5736 had crashed into the same site the Twin Towers had collapsed on 10 years ago, and another flight, “flight 4782”, was also suspected of being hijacked. Twitter has suspended the account to stop people from spreading the fake news and creating panic.
A group calling itself Script Kiddies took responsibility for the hack. Graham Cluley, senior technology consultant at Sophos, called the group “sick-minded hackers” on the Naked Security blog.
It’s not clear how the account was hijacked, whether it was because the Twitter password was phished, cracked because it wasn’t very strong or some malware was used. Regardless, it is one of the many web scams and hacks currently active, and the number is expected to increase with the anniversary of the 9/11 attacks on Sunday.
Researchers at BitDefender warned of malicious websites and social networking attacks with hooks relating to the 9/11 attacks. BitDefender uncovered malicious websites on topics such as “Bin Laden alive”, “in-depth details about the terrorist attack”, “police investigation results” and “towers going down”. The malicious sites are filled with links to scareware and phishing sites, or the sites masquerade as fund-raising pages for various charities.
Considering many news organisations are doing retrospectives by posting original footage and allowing users to listen to the recordings of emergency personnel trying to rescue people, many users will be more likely to visits sites that claim to have never-before-revealed details of the attacks.
With law enforcement authorities on the hunt for two or three individuals they suspect may be planning a 9/11 anniversary attack, there will be even more interest among Internet users for information. Federal and New York City authorities claimed to have received credible information that the suspects had already entered the country, Reuters reported on 8 September.
The intelligence was “not run of the mill” and was dramatic enough to change the earlier security assessment that there was no specific intelligence of any plots to attack the United States on the anniversary, law enforcement officials told Reuters.
As always, users should rely on official news outlets for information and actually type in URLs of the sites instead of just clicking on links to stories, security researchers warned.
Other malicious scams include fake auctions and sales of 9/11 items, such as shards of metal from the collapsed World Trade Centre towers and “commemorative coins” minted from silver collected at Ground Zero, BitDefender warned.
“It makes me slightly sick even to think about this inhuman exploitation of human misery,” David Harley, a senior research fellow at ESET, wrote on the company blog.
“Nothing is sacred to scammers,” Harley wrote, noting the number of malicious sites and malware using social engineering tricks that emerge immediately after a disaster, such as the earthquake in Haiti or the tsunami in Japan.