Hackers Hijack Obama's, Britney's Twitter Accounts
Send spurious tweets after gaining control through Twitter's support tools
By Gregg Keizer, Computerworld
January 06, 2009 — CSO —
"This morning we discovered 33 Twitter accounts had been 'hacked,' including prominent Twitter-ers like Rick Sanchez and Barack Obama," Twitter co-founder Biz Stone said in post to the company blog. "We immediately locked down the accounts and investigated the issue. Rick, Barack and others are now back in control of their accounts."
Earlier in the day, the hacked accounts had been used to send malicious messages, many of them offensive. CNN correspondent Rick Sanchez's account, for example, tweeted a message claiming that "i am high on crack right now might not be coming to work today," while Fox News' Twitter update reported "Breaking: Bill O Riley [sic] is gay," referring to the network's conservative talk show host.
According to Twitter, the accounts were hijacked using the company's own internal support tools. "These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the e-mail address associated with their Twitter account when they can't remember or get stuck," Stone admitted. "We considered this a very serious breach of security and immediately took the support tools offline. We'll put them back only when they're safe and secure."
Today's admission was only the latest security problem for Twitter. On Saturday, identity thieves launched a phishing campaign on the micro-blogging service that tried to dupe users into divulging their account usernames and passwords.
On Sunday, criminals changed their tactics to use messages about Apple's iPhone as scam bait, a security expert said Monday. "A lot of users have fallen for the first scam," said Graham Cluley, a senior technology consultant at Sophos PLC, describing the Saturday tweets. "Now [the attackers] are changing their modus operandi."
Rather than tricking people into visiting a page spoofing Twitter's sign-on screen, the second wave of tweets was essentially spam, said Cluley. The iPhone-related tweets were messages such as "hey. i won an iphone! come see how here" or " Wanna win the new iPhone? It's so easy and cool, I love this thing!" along with links to sites that ask for, among other things, the user's cell phone number.
"They may be making money as part of an affiliate scheme," said Cluley, of the second-stage Twitter spam. The criminals may be reaping revenue from ads on the sites the tweets steer users to, or by convincing people to sign up for expensive text message plans.
Twitter, however, said that the hacks of prominent users were unconnected to the first phishing campaign or the follow-up spam.
"This is actually much more serious than these people and organizations falling for a simple phishing attack," said Cluley, who earlier Monday had said there might be a link between the two. "It appears that Twitter's systems were potentially exposing everybody's account to the danger of being taken over by hackers."
Nonetheless, both Cluley and Marian Merritt, an Internet safety advocate for rival security company Symantec Corp., applauded Twitter's fast response. "Twitter has been very upfront and ahead of the game on this," said Merritt.
Read more about data protection in CSOonline's Data Protection section.