suntimes
SURGE 
Weather Updates

Hack attacks on Burger King, Jeep show companies need to improve security

Jeep's Twitter account was hacked.

Jeep's Twitter account was hacked.

storyidforme: 44930349
tmspicid: 16641482
fileheaderid: 7481154

Updated: March 21, 2013 6:41AM



Burger King’s and Jeep’s Twitter accounts were hacked this week, a reminder to businesses that it’s important to set up iron-clad tech security and put someone in charge of changing passwords frequently, experts say.

Hackers who seemed bent on embarrassing the companies rather than stealing data made it appear that McDonald’s had taken over Burger King. On the Jeep page, one of the false tweets said Jeep had been taken over by Cadillac, while others contained obscene messages.

A third company, MTV, appeared to have been hacked, but then it admitted to Forbes that its tweet about being taken over by BET was a marketing stunt.

Twitter declined to comment, citing privacy concerns.

In many cases, companies do not make clear who is responsible for changing a password, or the email addresses, phone numbers and passwords for the Twitter account aren’t easy to find, experts said Tuesday.

“This is an easy kind of upkeep to overlook,” said Kennedy Thorwarth, vice president of digital at Zeno Group, a public relations agency. “It’s an administrative task that can sometimes fall by the wayside.”

Another expert said Twitter and Facebook accounts are less clearly the responsibility of one person compared with email accounts.

Roy Hadley, partner at Barnes & Thornburg law firm in Indianapolis, said companies should make it clear who changes the Twitter, Facebook and other social media passwords.

Strong passwords have a number or numbers, capital letters and combinations that aren’t easy to crack, Hadley said.

Problems also can start when a company’s firewalls and other protections fail to guard against today’s sophisticated hackers.

Tom Kellermann, vice president of cybersecurity at Trend Micro, a cybersecurity firm based in Cupertino, Calif., said companies need to go beyond firewalls and virus scanners. They should invest in file-integrity monitoring and advanced threat protection to trace outsiders’ footprints, he said.

The attacks represent a new category designed to embarrass or humiliate companies, said Mary Ellen Callahan, partner and chair of the privacy group at Jenner & Block law firm’s office in Washington, D.C . The other two categories are organized cybercrime and advanced persistent threats such as those aimed at the media and financial institutions by foreign countries.

“The hacker is saying, ‘Let me show you how Brand X is vulnerable,’ ” Callahan said.

What should companies do to recover their images?

Don’t overreact, try a little humor and move on.

The experts said Jeep got it right by acknowledging the hack. The company tweeted, “Hacking: Definitely not a #Jeep thing.”



© 2014 Sun-Times Media, LLC. All rights reserved. This material may not be copied or distributed without permission. For more information about reprints and permissions, visit www.suntimesreprints.com. To order a reprint of this article, click here.