j-j.co.za

My Twitter account was “hacked” a number of months back, and the accounts of a number of people I follow have been hacked on a fairly regular basis since. This is unfortunately a regular occurrence and spammers are increasing their efforts to get access to people’s accounts to spam their followers.

How do you know if someone you are following has been “hacked”? 

You will in all likelihood get a direct message from someone you follow which will be a generic message (but interesting or tempting one) which will have an embedded link to a site. Links these days are mostly shortened so you won’t immediately be able to see the final destination site. Clicking on it could be compromising your account and / or delivering up malware to your PC which your Antivirus software may or may not detect. So avoid clicking these.

Common messages that are coming up recently as direct messages include :

• Twitter might start to charge in July, sign this petition to keep the service free! (link removed)
• Hi, this user is saying really bad rumors about you … (link removed)
• Hi some person is saying really bad things about you … (link removed)
• Hi somebody is posting horrible rumors about you … (link removed)
• Hey someone is saying nasty things about you… (link removed)
• Various messages about weight loss or other obvious spam

How do you know if you have been “hacked”?

Your followers will send you messages pretty quickly to tell you, or they will be asking you why you are sending them strange messages (like the ones above). Don’t ignore these or react negatively, thank them for the warning and get on with fixing the problem before more of you followers are spammed and / or compromised.

What to do when you have been “hacked” ?

1. Change your password.
   • Choose something decent, not a real language word, chuck in some numbers or special characters, and don’t think you are smart by using l33t sp3@k (leet speak).
   • Ra35!!me would be good, whereas P@ssw0rd would be bad.
2.   Check to see what applications are “authorised” against your account. This can be used to keep sending SPAM even after you have changed your password.
   • Log in to your Twitter account on the web and open up your account settings.
   • Click on the Apps tab in the left-hand menu.
   • Read down through the list of applications to see that you know about them and trust them
   • If unsure of an application, revoke its access. You can always approve it again later.
3. Check that if you associated your mobile number with your twitter account you have set up a PIN
   • Log in to your Twitter account on the web and open up your account settings.
   • Click on the Mobile tab in the left-hand menu.
   • Choose a PIN if you don’t have one (mix of 4 numbers and letters)
   • Go to the bottom of the page and click Save changes.
   • If your PIN is OK you will see a confirmation message.
4. Apologise to your followers. Send them here if they have been “hacked”. Shortlink : http://j-j.co.za/twithack
5. Be vigilant

 How did you get hacked?

You may have clicked on one of the direct message links as per the examples above, or you may have received an interesting tweet or link to :

• Sign a petition to stop twitter becoming a pay service
• Save the Rhino, the Dolphins or the World
• Anything else that looked interesting

If you do inadvertently click on a link, in some cases the URL shortening service (eg. bit.ly) will pop up a warning where they have determined the link to be dangerous. Consider this your guardian angel, say thanks and close the window.

If unlucky, you will end up on the page the attackers want you to. The most recent two I investigated put me on a page on tvvitiler.com which was a copy of the twitter login page with a timeout message asking me to log in again. If you are unfortunate enough to do so, that’s you toast, proceed to the fix section below The sites hosting these fake login pages vary from post to post and are more often than not themselves hacked, with the unlucky owners unaware of what is happening.

Chances are therefore that some website or app somewhere conned you into giving your credentials to Twitter or the app/site so that it could post something on your behalf. It may well be something that you wanted posted, however, it then piggybacks off that to send a whole lot of unwanted stuff. Just be aware, and vigilant, and followup quickly when something happens.

With information security, knowing how to react and clean up is just as important as prevention. It is not a matter of if, but of when your account will be compromised.

Thanks to :

• Mandy Wilson (@Mandywilson_SA)
• Samantha (@MetroGalZN)

If you have further comments and insight please leave it in the comments here or tweet me (@jjza). Please share this information (http://j-j.co.za/twithack)

P.S. To those infosec folks reading this, apologies for my very liberal use of the word “hack”