(U//FOUO) DHS-FBI Bulletin: Compromises of Official Social Media Accounts Spread Disinformation


  • 1 page
  • For Official Use Only
  • August 30, 2013


Malicious cyber actors have used compromised social media accounts to spread disinformation about alleged emergencies and attacks, most prominently through Twitter. Because it is difficult to determine the authenticity of a tweet, we anticipate malicious cyber actors will continue to seek to exploit Twitter and other social media platforms used by news organizations and public safety agencies to propagate disinformation.

(U) Syrian Electronic Army (SEA) cyber actors on 23 April 2013 claimed that they had posted disinformation on the Associated Press (AP) Twitter account indicating that two explosions had occurred at the White House and that President Obama had been injured. Within minutes of the posting, the Dow Jones Industrial Average dropped 145 points (nearly 1 percent). but it quickly recovered after the AP removed the false posting.

(U) A group calling itself the “Script Kiddies” on 4 July 2011 claimed responsibility for hacking a Fox News Twitter account and posting six tweets indicating that the President of the United States had been fatally shot. An administrator deleted the false postings 10 hours later. The false postings, however, attracted considerable attention.

(U) First responders are encouraged to secure and monitor all official social media accounts and verify reports of events posted to social media to ensure that they are legitimate. The below security practices are intended to prevent compromises of social media accounts.

(U) Recommended Practices for Securing and Monitoring Social Media Accounts

(U) Security Principle

(U) Prevent account compromises

(U) Change passwords regularly for e-mail and social media accounts.
(U) Use complex, 12-character passwords that include numbers. letters, and symbols.
(U) Monitor organization’s social media account activity for non-authorized access.
(U) Use two-factor authentication for log ins to social media accounts.

(U) Maintain situational awareness

(U) Monitor organization’s social media pages for malicious posts and quickly delete misinformation.
(U) Verify claimed emergencies with additional, non-social media sources.

Share this: