You may have read that Twitter was recently hacked. This should come as no surprise to many, since LinkedIn, Facebook and even Microsoft have been hit in recent months. In this blog we will look at the inherent vulnerabilities of all social networks, as well as what can happen should your account get compromised. We will also discuss how to reduce vulnerabilities on social sites and what you need to do when it's your turn to answer the question, “Twick or Tweet?”
The Wild, Wild Web
With the advent of social networking, the World Wide Web has created a revolution in connectivity that provides information to and on the masses. However, with the benefits of widespread connecting has come the flip side of the coin. Criminals, con artists and other black hatters are exploiting the same openness that this connecting has wrought.
Criminals routinely exploit social nets in two ways. The first is by means of specialized hacker code designed to gain access to, or install itself on, an unsuspecting user's computer, tablet or smartphone. The second means of exploitation is the use of social interaction to gain a person's trust in order to glean personal information. This is achieved by interacting and engaging with the victim as if they were a friend, family member or coworker. In many cases these two techniques are used together to gain access to or control of the unsuspecting user's internet-connected device.
Social Nets are Not as Free as You Might Think
These kinds of exploitation do not come cheap. Cost can be measured as lost revenue for a business and its advertisers. The loss of a subscriber also costs money. Acquiring new subscribers and retaining them is always a major cost to any business. Fraud prevention and security costs are high, and fraud recovery costs can't easily be measured. The annual cost to the world at large is in the billions. It's often hard to get accurate statistics because most of the fraud is tracked by category (mobile, viruses, Trojans, phishing, drive-by, website impersonation, etc.) and most don't combine their statistics, preferring to list them separately. Reported Internet scams in the USA topped 485 million in 2010. The last worldwide figures I found were from NBCNews.com, which reported 2.6 billion in 2004. That article also went on to say that annual increases were coming in at 700 million dollars a year. That would put the worldwide fraud cost at approximately 6 billion dollars in 2013.
A 2011 ComScore report estimated the worldwide website fraud rate at anywhere from 2.7 to 10.1%. The article went on to point out that if we assume a 6% average rate, 72 million users are at risk of becoming fraud victims in the USA alone.
Who’s Getting Hacked?
The sad and scary reality today is that anyone can be hacked. Any company, any bank, any government agency and any individual's data and identity can be stolen. The FBI and the NSA recently announced a security breach of their own site. Several large banking institutions' internet accounts were recently compromised. This post was written because several of the largest social media networks were recently hacked. Several prominent corporate subscriber passwords were stolen and their account pages were altered. The bigger the organization, the greater the chance of it being attacked. As far as individuals go, the elderly are targeted more often than the young. These scams are widespread and vary in style, breadth and persistence.
Long List of Vulnerabilities and Attacks
The FBI’s counterintelligence agency provides a long list of tactics used to compromise a person’s sensitive and financial information. Tactics can include baiting, click-jacking, cross-site scripting, doxing, elicitation, pharming, phishing, phreaking and many other scams. A great article to read regarding the details of these methods is “Internet Social Networking Risk” provided by the FBI.
Is There a Solution?
The problem is so extensive that combating it will require a whole new mindset for all internet users. Businesses will have to implement employee education programs to teach employees how to be safe and vigilant internet users. Counter-hacker software will have to be improved and adopted more readily. Currently most smartphones and tablets are not protected with any kind of malware protection. Users will have to learn to be smarter internet users by creating better passwords and by engaging in smarter surfing and email behavior. This can come about through education promoted by the larger internet players (Google, Microsoft, Yahoo, Apple, etc.) and by the widespread adoption of two-factor authentication practices. This new so-called 2FA practice is where a user name and password are followed by an additional external authentication token passed along through a phone call, email or postcard. This additional token, like a PIN number, symbol or picture, provides an additional layer of defense. Some even use a special picture or avatar on their websites to provide proof of the website's authenticity. You see this type of authentication being deployed by banks, financial institutions and companies like Google, Facebook and others.
We need to secure all internet-connected devices. All computers, smartphones, tablets and game consoles must be protected. Even the new smart TVs and internet-ready video streaming devices are vulnerable. Any device that employs computer technology and is connected to the internet is vulnerable. Securing all devices will move our world towards a safer computing environment.
We need to have multiple layers of protection in place. One antivirus program is not enough anymore. We have to monitor our internet traffic, and we need to create and implement internet usage policies, both for our businesses and for our personal use.
In this post, I have discussed the overall vulnerability problem we now face because of the growth and widespread adoption of social media networks. We have discussed the cost of this problem, who is being attacked and who is vulnerable. We have discussed the types of attacks being perpetrated and the possible solutions needed to solve this massive problem. If you have learned something from this post, pass it on to your friends. If you have any additional ideas about this subject, feel free to share them with our readers.
Cyber attacks have been increasing exponentially over the last couple of years. Until all internet users implement protective measures, engage in smart and defensive surfing and start to use social media in a more prudent manner, this problem will only grow. I hope you take the FBI’s warning seriously and implement some of the solutions talked about here. Keep protecting what's yours. That’s my opinion; I look forward to hearing yours.
Having a trusted person in IT is extremely helpful. Since we started using ITpromise at the office my tech headaches have gone away.
Nobody is safe from hackers nowadays. If the big boys are having so many problems, where does that leave the rest of us?