Hackers hijack Obama's, Britney's Twitter accounts
Send spurious tweets after gaining control through Twitter's support tools
Computerworld - Hackers hijacked the Twitter accounts of more than 30 celebrities and organizations, including President-elect Barack Obama, Britney Spears and Fox News, early on Monday, the company confirmed today.
"This morning we discovered 33 Twitter accounts had been 'hacked,' including prominent Twitter-ers like Rick Sanchez and Barack Obama," Twitter co-founder Biz Stone said in a post to the company blog. "We immediately locked down the accounts and investigated the issue. Rick, Barack and others are now back in control of their accounts."
Earlier in the day, the hacked accounts had been used to send malicious messages, many of them offensive. CNN correspondent Rick Sanchez's account, for example, tweeted a message claiming that "i am high on crack right now might not be coming to work today," while Fox News' Twitter update reported "Breaking: Bill O Riley [sic] is gay," referring to the network's conservative talk show host.
According to Twitter, the accounts were hijacked using the company's own internal support tools. "These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the e-mail address associated with their Twitter account when they can't remember or get stuck," Stone admitted. "We considered this a very serious breach of security and immediately took the support tools offline. We'll put them back only when they're safe and secure."
Today's admission was only the latest security problem for Twitter. On Saturday, identity thieves launched a phishing campaign on the microblogging service that tried to dupe users into divulging their account usernames and passwords.
On Sunday, criminals changed their tactics to use messages about Apple's iPhone as scam bait, a security expert said Monday. "A lot of users have fallen for the first scam," said Graham Cluley, a senior technology consultant at Sophos PLC, describing the Saturday tweets. "Now [the attackers] are changing their modus operandi."
Rather than tricking people into visiting a page spoofing Twitter's sign-on screen, the second wave of tweets was essentially spam, said Cluley. The iPhone-related tweets were messages such as "hey. i won an iphone! come see how here" or "Wanna win the new iPhone? It's so easy and cool, I love this thing!" along with links to sites that ask for, among other things, the user's cell phone number.
"They may be making money as part of an affiliate scheme," said Cluley, of the second-stage Twitter spam. The criminals may be reaping revenue from ads on the sites the tweets steer users to, or by convincing people to sign up for expensive text message plans.
Twitter, however, said that the hacks of prominent users were unconnected to the first phishing campaign or the follow-up spam.
"This is actually much more serious than these people and organizations falling for a simple phishing attack," said Cluley, who earlier Monday had said there might be a link between the two. "It appears that Twitter's systems were potentially exposing everybody's account to the danger of being taken over by hackers."
Nonetheless, both Cluley and Marian Merritt, an Internet safety advocate for rival security company Symantec Corp., applauded Twitter's fast response. "Twitter has been very upfront and ahead of the game on this," said Merritt.