ALBUQUERQUE, N.M. — Hackers claiming to be acting on behalf of the Islamic State broke into the Albuquerque Journal’s Twitter account Tuesday.
“INFIDELS, NEW YEAR WILL MAKE YOU SUFFER,” the hackers posted.
The group controlled the Journal’s account for about two hours, according to Monty Midyette, director of information technology for the Albuquerque Publishing Co.
Midyette said the FBI was notified and helped the Journal work with Twitter to regain control of its account shortly after noon.
This was the third attack on computer systems controlled by the Journal in the past two weeks, Midyette said. The day before Christmas, what appears to be the same group gained access via stolen employee passwords to the Journal’s Web content management system and posted a statement on its website on behalf of the Islamic State, promising further computer mayhem.
Then last week, the group briefly took control of the Journal’s Facebook page.
While in control of the Twitter feed, the group posted a series of pictures and other information that the hackers claimed came from Albuquerque-area computers.
“Citizens of Albuquerque, we’re watching you,” the group wrote. “Here’s a part of confidential data from your computers.”
The posting included driver’s license pictures and other information from public computer systems. None of the information came from the Journal or Albuquerque Publishing Co. computers, and no internal business databases were compromised, Midyette said.
Midyette said in each case the attackers used a password to get in, and he believes the attackers used what is called a “phishing” attack, in which employees may have been tricked into entering a genuine password into an email or Web page where it can be stolen and used.
All of the passwords have been changed and other security measures have been taken.
The FBI is investigating all three attacks.
The same attackers appear to have also hit television station WBOC in Salisbury, Md., on Tuesday.
Midyette said the Journal and the station both use the same email and content management systems, though it is not clear whether the attackers exploited some sort of weaknesses in the software to aid in the attacks.