Pro-Assad hacktivist group the Syrian Electronic Army are claiming another victory in cyberspace after apparently hacking the official Twitter account of the Israeli Defense Force (IDF) and posting a message claiming a nuclear leak in the region.
The message was posted under the official @IDFSpokesperson account. It read: “#WARNING. Possible nuclear leak in the region after 2 rockets hit Dimona nuclear facility.”
The message was taken down shortly afterwards as the IDF administrators seized control of the account.
They then posted the following tweet: “We apologize for the incorrect tweets. Our twitter account was compromised. We will combat terror on all fronts including the cyber dimension.”
Although the SEA was not named by the IDF, it did post a screenshot purporting to show that it had been able to access the Israeli army’s Hootsuite dashboard.
The nuclear facility referenced in the SEA tweet is actually the The Negev Nuclear Research Center close to the Israeli city of Dimona, where it is thought the country manufactures nuclear weapons.
This is only the latest in a long line of attacks launched by the Syrian hackers, who claim allegiance to dictator Bashar al-Assad.
A few days ago the group claimed to have hacked an official IDF blog. That site was down at the time of writing.
The SEA has not limited its attacks on Israeli targets, however, hitting the US military several times and even hacking the Gmail accounts of several White House staffers.
The group has also hit out at media organizations, compromising the Twitter accounts of the BBC, The Guardian and CBS News in the past.
It’s thought that the hacktivists crack Twitter accounts primarily by phishing for credentials.
In May, the microblogging site announced improvements designed to bolster security, including a new rule to notify account holders by email if suspicious activity is detected.
“To protect your account in this scenario we built a system that analyzes login attempts on your account — by looking at things like location, device being used and login history — and identifies suspicious behaviour,” wrote product manager, Mollie Vandor, in a blog post.
“If we identify a login attempt as suspicious, we’ll ask you a simple question about your account — something that only you know — to verify that your account is secure before granting access.”