Hackers Target Twitter

Posted by: Rachael King on July 15, 2009

Hackers are getting more creative in targeting certain companies, and Twitter has recently discovered the consequences of such an attack. About a month ago, an administrative employee at Twitter was targeted and her personal e-mail was hacked, according to a blog post today by Twitter co-founder Biz Stone. The hacker used information in the e-mail account to access this employee’s Google Apps account, which contained a wide variety of Twitter documents, from ideas to financial details. Today TechCrunch said it had received 310 confidential Twitter documents in a zip file from the hacker, who calls himself Hacker Croll.

In the last few years, security experts have seen an increase in the number of highly targeted attacks. Unlike, say, massive spam campaigns designed to get employees to divulge personal information like bank accounts, these types of attacks involve hackers targeting anywhere from one to five employees within a company. The motive is to steal confidential information that the hacker will use to make a profit, says Patrik Runald, chief security advisor at F-Secure, a security firm. The types of organizations frequently targeted in these attacks are defense contractors, governments and non-profits with ties to Tibet, he says.

Many times, as in the Twitter incident, the targets of the attack are employees who are not in the executive suite, because those employees often have access to information hackers can use, whether it’s blueprints or large databases of customer information. For example, at defense contractor Northrop Grumman, hackers often try to target the computers of employees in the contracts department because of their knowledge of the marketplace, said Tim McKnight, chief information security officer at the company, in a recent interview with BusinessWeek.

After the Twitter incident first became public, some speculated about the quality of Google’s security, but Biz Stone absolved Google Apps in his blog post. “This attack had nothing to do with any vulnerability in Google Apps which we continue to use,” he wrote. Instead, he wrote, the incident underscored the need for choosing strong passwords.

The best passwords have more than 8 or 9 characters and are comprised of alphanumeric characters, a combination of letters and numbers, says John Pirc, a former cybersecurity specialist for the CIA and current executive with IBM Internet Security Systems. But really, he says, this is a people issue in that employees often don’t practice good password safety and may use the same password for many different applications.

Yet, the incident does underscore some risks involved with cloud computing in the enterprise. Some have called for better security mechanisms. “With the Twitter data, hackers were able to take a password and log on anonymously from anywhere,” says Rich Marcello, president of the systems and technology business at Unisys. Now Unisys is working on a higher level of security that would essentially cloak the data that comes into its cloud and only users within certain communities logging in from certain locations would be able to see the information. It’s akin to how only certain characters who are members of a specific group in Harry Potter are able to physically see the headquarters of the Order of the Phoenix. “If you can do that, even if there’s a password issue, there’s no way hackers can make any sense of the data,” says Marcello.

Companies also need to think about the kinds of information they’re putting in the cloud. While e-mail collaboration may be available over the Internet from reputable service providers with good track records in security, some applications are better left behind the firewall, says Dennis Quan, director of autonomic computing at IBM, who suggests private clouds for applications dealing with classified or confidential information.

“Part of the beauty of cloud computing is that users don’t need to understand the ins and outs of the technology they are using,” says Quan, adding, “This simplicity is great for consumers but can be dangerous for enterprises and governments.”

Reader Comments

John

July 16, 2009 01:47 AM

"It’s akin to how only certain characters who are members of a specific group in Harry Potter are able to physically see the headquarters of the Order of the Phoenix."

nice plug.

Anonymous

July 16, 2009 03:05 AM

"defense contractors, governments and non-profits with ties to Tibet"

haha, wow...oddly enough the same three entities that non-existent Chinese hackers would be interested in :-p

Rachael King

July 16, 2009 01:41 PM

John, I'm a big Harry Potter fan. If only I had an invisibility cloak...

Rachael King

July 16, 2009 01:46 PM

Hi Anonymous, are you saying that there are no hackers in China or that hackers in China don't represent as big a threat to the U.S. as people claim?

SmithWill

July 17, 2009 12:19 PM

Any time new technology gains in popularity, especially if it attracts lots of noobs, it will also attract hackers.

Hackers are opportunistic. Most new users of technology are ignorant, thus making them fat, juicy targets of exploit. With innovation comes opportunity fraught with risk. Twitter users in general and all Internet users everywhere should always exercise caution in their on-line activity. The Internet is a huge untamed electronic metropolis offering entertainment, debauchery and danger just like any urban setting. Though you may not get mugged in the physical sense, your well-being and financial position are definitely at stake. Traps are being laid waiting for someone to step into it. A million spider webs looking for that one human-sized fly who can feed their brood for weeks (think about being scammed for thousands of dollars) or having a life's work erased by a virus.

Caution: you're always a target by someone so be aware of your surroundings. Don't necessarily indulge solicitation by strangers on-line or even in person. Trust but verify is always prudent. A few common sense measures will help keep you safe, secure and from being Twitted upon in an unfavorable manner.

Li

July 17, 2009 12:56 PM

Hi Rachael, I think anonymous is poking fun at the fact that Chinese officials and others constantly downplay that there exist Chinese hackers... Case in point: http://www.chinadaily.com.cn/china/2009-05/20/content_7907900.htm
In reality, I would believe that they are as big a threat or bigger than we truly realize. What happens behind the Great Wall is any outsider's guess... P.S. I lived there for over 2 years...
They are definitely a clear and present danger.

Rachael King

July 17, 2009 01:25 PM

Interesting points, SmithWill. What I find so fascinating, though, is that it's not just consumers who are being targeted. Increasingly, workers need to be careful too.

In the last year or so, there's been a phishing scheme targeting senior level executives, trying to make them think they're getting correspondence from the Better Business Bureau. Those messages had links where executives could supposedly see complaints lodged against their companies. If they clicked the link they were instead taken to a Web site where their computers would automatically download malware that hackers could use in subsequent attacks.

Rachael King

July 17, 2009 01:29 PM

Thanks for clarifying, Li. One security expert told me that it was unclear whether there were a great number of hackers in China or whether hackers in other locations were launching attacks from China because of a high number of compromised computers there. This expert suggested that since there's greater use of pirated software in China that there might be a greater risk that computers with that software had been enlisted in botnets.

About

Technology is transforming the workplace. In the Technology At Work blog, Rachael King and occasional guest bloggers explore how companies are using innovative software, hardware and other tools to revolutionize work spaces, cut costs of getting the job done, and make us better, faster and smarter at earning a living.
