Anti-social networking

01 Jul 2009

Twitter users have become the focus of a wave of attacks targeting social networks.

Inevitably, the ballooning popularity of the micro-blogging site has brought a range of scams, from invitations to click on dodgy links to a fraudulent site set up by identity thieves.

One attack used thousands of Twitter addresses stolen in a phishing (identity theft) attack to post what purported to be a link to an interesting or exciting YouTube video. Instead, the link caused the user’s computer to download a variety of malware.

Another attack tried to lure users to an address called ‘Twittercut’, claiming that linking to this address would boost the user’s number of Twitter ‘followers’ (people reading your ‘tweets’). The link requests the user’s login and password details.

And a BBC presenter’s mistake highlighted still another Twitter problem: Jonathan Ross mistakenly posted his personal email address in a ‘tweet’ instead of sending a private Twitter message, as he’d actually intended. As a result, his address was disclosed to the more than a quarter of a million Twitter followers of his postings.

While the post was quickly deleted, a copy was still available through Twitter’s advanced search feature. It’s likely that Ross has since been forced to change his email address – not only to avoid being spammed into oblivion, but to (hopefully) deny online scammers the opportunity to send out all sorts of rubbish in his name.

Security expert Graham Cluley, of Sophos, said this was a serious problem and Twitter should take steps to ensure that problem posts can be deleted immediately from all parts of Twitter – not just the user’s current stream.

Twitter recently started testing a new verification system to deal with ‘cyber squatters’ – people who misappropriate a user’s identity and then use it to make misleading posts.

Of course, the speed and immediacy of Twitter is the key to its appeal. Pity some people are so intent on high-speed tweeting that they forget a fundamental rule of online communication: think before you send.

Meanwhile, security problems continue to plague Facebook. Symantec has observed a new wave of phishing attacks using a compromised Facebook account to send a malicious link to friends and direct them to a site that looks identical to the Facebook login page. Users are prompted to provide their login credentials, which are then used by the phishers to spread their attacks further.

Symantec advises users to beware of any messages from within a Web site, or that appear to be sent by that Web site, and to keep their security definitions updated. Consumers who use the same password for multiple accounts, including online shopping and banking, are most at risk.

Facebook has also been criticised by Cambridge University researchers, who claim it’s not doing enough to ensure that harmful photos are completely taken down. The researchers posted photos on 16 popular Web sites, then deleted them. Thirty days later, they found the direct links to the photos still worked on seven sites, including Facebook. The researchers said this indicated a “lazy attitude” towards privacy. Facebook insisted photos were deleted “immediately” but could still exist on its Content Delivery Network (CDN) – although only for “a short period of time”.