Cyber Incident Victim: New York Post
Date:
Jan 2015
Location:
United States of America
Summary
Unknown individuals compromised the Twitter accounts of a prominent media outlet and United Press International, posting six fabricated headlines involving economic and military topics. The false messages included claims about Federal Reserve actions impacting interest rates, a fictional attack on a US aircraft carrier by Chinese forces, and forged statements attributed to political and religious leaders. The accounts were restored after approximately 40 minutes, though the attackers likely gained access through targeted phishing and insufficient authentication safeguards. This incident mirrored previous social media takeovers by groups exploiting similar vulnerabilities to disseminate disruptive misinformation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 16, 2015, unidentified attackers compromised the official Twitter accounts of the New York Post’s business section and United Press International (UPI). The breach resulted in the publication of six fabricated headlines over approximately 40 minutes before control was restored to the legitimate account owners. The attackers disseminated false economic claims, including a tweet stating the Federal Reserve would implement negative interest rates to counter recession risks linked to low oil prices. This message appeared on both compromised accounts. Additional fraudulent economic content included a New York Post tweet falsely quoting Bank of America’s CEO assuring customers their savings accounts would remain unaffected by Federal Reserve decisions. Military-themed disinformation followed, with UPI’s account falsely reporting Chinese anti-ship missiles had struck the USS George Washington aircraft carrier, accompanied by claims of US Navy engagements with Chinese vessels in the South China Sea. The attackers also fabricated quotes attributed to Chinese President Xi Jinping criticizing Barack Obama’s policies and Pope Francis commenting on World War III.
UPI confirmed its website was also breached during the incident, though specific details about the website compromise were not disclosed. The rapid dissemination of false economic and military information risked public confusion and potential market disruption. Security experts attributed the breach to likely spear-phishing attacks against account holders, combined with the absence of two-factor authentication (2FA) protections. The attackers demonstrated reconnaissance capabilities by crafting contextually relevant phishing content to gain access. Twitter account restoration occurred within an hour, limiting the duration of misinformation exposure. The incident shared operational similarities with prior CyberCaliphate attacks, including the 2015 hijacking of a US military Twitter account to distribute pro-ISIS propaganda, though no group claimed responsibility for this breach.