A large number of Twitter accounts were hijacked today spreading Nazi propaganda that included swastikas, Nazi messages and pro-Erdogan campaigns.
The hack is being blamed on a third-party analytics service called Twitter Counter, a popular tool used to analyse Twitter followers.
Over a thousand accounts are thought to have been compromised including verified accounts of some of the world’s biggest names such as Justin Bieber and news publications like Forbes Magazine. Other household names that have been affected include Amnesty International, Starbucks and renowned cyber security expert and journalist Graham Cluley.
Twitter Counter confirmed the issues and has placed a block on the ability to post tweets from its service to nullify the threat.
This is yet another reminder of the vulnerability of users of social networks, the threat posed to them, and the route such networks offer to hackers and cyber criminals. Users of social networks should remain vigilant, review what information and app services are connected, and consider removing sensitive information to avoid potential issues.
IT security experts from NuData Security, Tenable, Intel Security, Tripwire, Alert Logic, ESET, AlienVault and Kaspersky Lab have given their professional observations on the Twitter hack:
Robert Capps, VP of Business Development at NuData Security:
Hacking the personal Twitter accounts of celebrities and brands for geopolitical advantage is a disturbing twist and escalation in cyber warfare. This hack appears to be coming from a zero-day vulnerability in a third-party app called Twitter Counter. Aside from the political message in this attack, we should be concerned about it because hacking Twitter accounts is akin to making a puppet out of the celebrity or affected brand. In the long term, I doubt these brands will experience much lasting harm if the situation is remedied quickly, but in the short term, the coverage that these attackers obtained by the hack is considerable.
If Twitter were a country, it would be the 12th largest in the world with over 100 million users logging in daily, and continually growing. The size of its membership and its capacity as a live media source of information make it an attractive and vulnerable target for account takeovers. By hijacking accounts, bad actors have access to the audiences of celebrities and brands with thousands of followers, and can also leverage hashtags and lists to push that reach further. It’s a reminder for everyone to use unique strong passwords on every site, and consider using a password manager like 1Password or LastPass for easy generation of strong, unique passwords, as well as storage and encryption of these passwords.
Gavin Millard, EMEA Technical Director at Tenable Network Security:
“This is the ‘hacker’ equivalent of writing graffiti on the bathroom wall, sometimes shocking and certainly worth a read when you’ve got nothing better to do, but it’s not even in the same league as DDoS, much less a sophisticated cyber attack.
“Twitter has a history of responding well and quickly to these kinds of incidents. For the rest of us who weren’t directly affected, there are much more important things we should be concerned about when it comes to security.
“To protect your online identity and social profiles, most platforms (including Twitter) allow for a secondary step in authentication. Enabling two-stage verification dramatically increases the difficulty for a malicious user to take over your account.”
Raj Samani, CTO EMEA at Intel Security:
“This attack really calls to question the amount of trust enterprises – and individuals – place in the hands of third party apps and online services. This doesn’t just apply to Twitter-focused apps, but all accounts and services that ask for permission to access our data. Enterprises need to routinely check permissions they have granted to online services – this includes reviewing services that may no longer be in use. Failing to tidy up dead or unused online services and apps can have dangerous consequences.”
Paul Fletcher, Cybersecurity Evangelist at Alert Logic:
“The practice of hacking Twitter accounts to gain notoriety for a cause is similar to a web defacement hack. Hacking groups like the variety of audiences they can reach by hacking a varied array of Twitter accounts, like we see in this latest attack. Social media accounts should practice good password management practices to prevent being attacked.”
Javvad Malik, Security Advocate at AlienVault:
“It appears as if the Twitter accounts were compromised via a third party service called Twitter Counter. The incident illustrates the need for security throughout the supply chain. Users should be wary as to which services they allow access to write to their Twitter accounts. It can be all too easy to allow permissions and subsequently forget that they were ever granted. The specific danger that third parties present is that even if users have secured their account properly and enabled two-step authentication, it offers no protection.
With more online services being inter-connected through social media, it becomes imperative that users are careful in what permissions are granted to apps, and regularly review whether permissions are still needed.
Enterprises should be mindful that these types of attacks are not just limited to individuals, rather corporate services can be compromised in the same way – with far greater consequences.”
Tim Erlin, Sr. Director, Product Management at Tripwire:
“The more connected and integrated services become, the more every app has a supply chain to protect. In this case, it wasn’t Twitter that was compromised directly, but a third party app that integrates with the messaging platform.
Users should think about connected apps as part of their personal attack surface. The more apps that have access to your Twitter, Facebook and other social media accounts, the more doors there are for attackers to try. Regularly reviewing connected apps can help keep that attack surface to a minimum.”
Mark James, Security Specialist at ESET:
“One of the problems with these types of “hacks” is the perception of who has actually been hacked. In this case, our first impression is Twitter but in fact a third party tool was compromised that has the ability or permission to post to Twitter on your behalf. With so many add-ons and extensions for social media there are hundreds of these types of apps available to add little features or additions to our software. Sadly, the companies that spend huge amounts of money keeping your data safe and secure are at risk when something like this happens. We should always review which services have our permission to take action on our social media accounts on a regular basis.
“For Twitter, this can be done on their website. Head to “Profile and Settings” and choose “Settings and Privacy” then select “Apps”. If you have associated any services you will see them listed here with an option to “Revoke Access” as a tab to click. One of the nice things here is seeing when it was approved, so you could determine if it’s still valid and if not remove it. If you make a mistake you can always click the “Undo Revoke Access” button to put it right. While you’re at it why not check Facebook as well – go to the Facebook website and choose “Settings” from your profile, select “Apps” and review what does and does not have access to your data and profile.”
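The advice repeated by several of the experts above (review which apps can write to your account, note when each was approved, revoke what is stale or unnecessary) can be turned into a simple, repeatable audit. The script below is an added example and is not code from Twitter, ESET or any vendor quoted in this article; Twitter shows the list of authorised apps only in its web settings, so the listing here is constructed by hand in the shape that page presents (app name, permission level, approval date), and the app names, dates and the 365-day staleness threshold are all assumptions for the example.

```python
"""Connected-app audit over a constructed listing of third-party authorisations.

Added example, not Twitter's tooling or API. The input mirrors what the
"Apps" settings page shows for each authorised service: its name, the
permission level it was granted, and the date it was approved.
"""
from dataclasses import dataclass
from datetime import date, datetime

# Permission levels a third-party app can hold on a Twitter account:
# read-only, read and write, or read/write plus direct messages. Any level
# beyond read-only lets the app post as the account holder using its own
# token, so a compromised app bypasses the user's password and two-step
# verification entirely (the Twitter Counter case in the article).
WRITE_LEVELS = {"read-write", "read-write-dm"}
READ_ONLY = "read"


@dataclass
class ConnectedApp:
    name: str
    permissions: str  # "read", "read-write" or "read-write-dm"
    approved: date


def parse_listing(text):
    """Parse lines of the form 'App Name | read-write | 2016-02-02'.

    Blank lines and lines starting with '#' are ignored. An unknown
    permission level is an error rather than silently treated as harmless.
    """
    apps = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, perms, approved = (part.strip() for part in line.split("|"))
        if perms != READ_ONLY and perms not in WRITE_LEVELS:
            raise ValueError(f"unknown permission level {perms!r} for {name}")
        approved_date = datetime.strptime(approved, "%Y-%m-%d").date()
        apps.append(ConnectedApp(name, perms, approved_date))
    return apps


def audit(apps, today, stale_days=365):
    """Return {app name: 'keep' | 'review' | 'revoke'}.

    An app that can post on the account's behalf AND was approved longer
    ago than stale_days is the highest-risk combination and gets 'revoke';
    either property alone gets 'review'; a recent read-only app is 'keep'.
    """
    verdicts = {}
    for app in apps:
        can_post = app.permissions in WRITE_LEVELS
        stale = (today - app.approved).days > stale_days
        if can_post and stale:
            verdicts[app.name] = "revoke"
        elif can_post or stale:
            verdicts[app.name] = "review"
        else:
            verdicts[app.name] = "keep"
    return verdicts


def audit_listing(text, today_iso, stale_days=365):
    """Convenience wrapper: parse a listing and audit it as of an ISO date."""
    today = datetime.strptime(today_iso, "%Y-%m-%d").date()
    return audit(parse_listing(text), today, stale_days)


# Constructed sample listing; the app names and dates are invented.
SAMPLE_LISTING = """
# name            | permission level | approved
Follower Stats    | read-write       | 2015-03-01
Photo Viewer      | read             | 2017-02-20
Tweet Scheduler   | read-write       | 2017-01-10
Old News Reader   | read             | 2014-05-05
"""


def run_sample(today_iso="2017-03-15"):
    """Audit the constructed listing as of the given (assumed) date."""
    return audit_listing(SAMPLE_LISTING, today_iso)


if __name__ == "__main__":
    order = {"revoke": 0, "review": 1, "keep": 2}
    for name, verdict in sorted(run_sample().items(), key=lambda kv: order[kv[1]]):
        print(f"{verdict:7} {name}")
```

Running it on the constructed listing flags the old read-write analytics app for revocation, the recent scheduler and the old reader for review, and keeps the recent read-only viewer; the same three-way split is what a person does by hand on the settings page described above, but written down it can be re-run every month instead of remembered.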
David Emm, Principal Security Researcher at Kaspersky Lab:
The Twitter account hack revealed today, whereby Twitter users of third-party app Twitter Counter have had their account compromised with messages from political activists, shows how vigilant people need to be not only of their own security practices but also those of their suppliers and partners. If businesses or consumers choose to use third party apps, which provide useful and necessary services, they could well be signing over full control to a third party.
This is a clear example of where a third party provider’s weakness has impacted very widely, not only on the provider itself, but also on Twitter and thousands of its users including some very high profile businesses and organisations. If Twitter users believe their account has been affected, they should change their password immediately. However, it is critical that people understand the permissions agreed to when downloading apps. Kaspersky research recently found that 63 per cent of consumers neglect to read the license agreement carefully before installing a new app on their phone and one-in-five (20 per cent) never read messages when installing apps. This means an alarming number of people are leaving their privacy – and the data on their phones – exposed to cyber-threats due to poor app safety practices.
To protect themselves people should:
- Only download apps from trusted sources
- Select the apps you wish to install on your device wisely
- Read the license agreement carefully during the installation process
- Read the list of permissions an app is requesting carefully. Do not simply click ‘next’ during installation, without checking what you are agreeing to
- Use a cybersecurity solution that will protect your device from cyber-threats
As best practice, Kaspersky would advise that app creators themselves aim to be as transparent as possible in the way they present their permission requests, to make people’s decisions easier.