

Twitter Hackers – Protect Yourself!

Sunday, July 5th, 2009

Lately the number of hacked Twitter accounts has made headlines.

The most recent examples of ‘Twitter-hacking’ include the invasion and hijacking of accounts owned by Britney Spears and famed blogger/entrepreneur Guy Kawasaki.

Amit Klein, CTO of security firm Trusteer, believes that Twitter account hijacking is an issue that more people need to be aware of. In a recent interview with WebPro News, Klein said:

“Typically, criminals hijack Twitter accounts in order to spread malware. That is, they abuse the hijacked accounts to post messages to all the “followers”, with a link to a site that serves malware. In the Guy Kawasaki incident, for example (not a classic account hijacking, but still a malware spreading campaign), of the 139,000 followers, it is estimated that hundreds got infected. Earlier this year, accounts of 33 celebrities (among them Barack Obama – 1.6 million followers, and Britney Spears – 2.1 million followers) were hijacked.”

Klein went on to state that Twitter accounts can be used to send malware links and plain spam to followers, and that this is much more common than most people think: only high-profile celebs get publicized when their accounts are hacked.

Klein gave some recommendations for keeping your Twitter account safe:

1. Protect your Twitter credentials – be vigilant and keep on the lookout for Twitter phishing attacks, and pharming (DNS poisoning) attacks. You can install client-side security tools that ensure you are only providing Twitter credentials to the genuine Twitter website. This will protect your credentials against keyloggers or malicious browser plug-ins (“man in the browser” attacks).

2. Control and protect your Twitter information. 3rd party applications and services that enhance Twitter can increase your exposure to abuse. Every website which is allowed to automatically post to your Twitter account adds attack surface that criminals may exploit!

3. Also be aware of the practice called “Twitter-squatting”, which involves names of people/organizations being registered by fraudsters or pranksters. Monitor for such registrations, or better yet, register brand names and individual names as early as possible to thwart such attacks. Also watch out for another threat associated with Twitter, which is abusing “Trending Topics” to serve malware. The attack involves sending many tweets (with malicious links) with some special keyword in them, so that this keyword will show up as a trend in the “Trending Topics” list at twitter.com. A user that views a sample tweet for this keyword and clicks on the malicious link will be served malware.
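
As an added illustration (not from the original post or from Klein), here is a defender-side heuristic for the Trending Topics abuse described in item 3: flag a keyword when nearly all of its tweets push links to the same host. Treating keywords as hashtags, the two thresholds, and the sample tweets are assumptions constructed for this example.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://\S+")
TAG_RE = re.compile(r"#(\w+)")

# Constructed sample tweets; the .example hosts are reserved placeholder names.
SAMPLE = (
    [f"Win now #freegift http://promo.example/c{i}" for i in range(6)]
    + ["Great match tonight #final",
       "#final highlights http://news.example/a",
       "Can't believe that goal #final",
       "#final recap http://blog.example/b",
       "What a game #final"]
    + ["#rare http://promo.example/z"]
)

def suspicious_trends(tweets, min_tweets=5, min_share=0.8):
    """Map keyword -> link host for keywords dominated by one link host.

    min_tweets and min_share are illustrative thresholds, not tuned values.
    """
    per_tag = defaultdict(list)  # keyword -> one host (or None) per tweet
    for text in tweets:
        urls = URL_RE.findall(text)
        # Use the first link; drop trailing punctuation the regex swallowed.
        host = urlparse(urls[0].rstrip(".,)!?")).hostname if urls else None
        for tag in {t.lower() for t in TAG_RE.findall(text)}:
            per_tag[tag].append(host)

    flagged = {}
    for tag, hosts in per_tag.items():
        if len(hosts) < min_tweets:
            continue  # too little volume to call it a trend
        linked = Counter(h for h in hosts if h)
        if not linked:
            continue  # organic chatter without links
        host, count = linked.most_common(1)[0]
        if count / len(hosts) >= min_share:
            flagged[tag] = host
    return flagged

if __name__ == "__main__":
    for tag, host in suspicious_trends(SAMPLE).items():
        print(f"#{tag}: most tweets link to {host}")
```

A flagged keyword is a lead for review, not proof of malware: a legitimate campaign can also concentrate links on one host.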
