Thousands of Twitter accounts, including high-profile ones belonging to Forbes, Amnesty International, the BBC’s North American service and tennis star Boris Becker, were compromised on Wednesday morning and used to tweet propaganda related to Turkey’s escalating diplomatic conflict with Germany and the Netherlands. IT security experts from AlienVault, FireEye, Kaspersky Lab, ESET, Tenable Network Security, Positive Technologies, NuData Security, Proofpoint and Alert Logic commented below.
Javvad Malik, Security Advocate at AlienVault:
“With more online services being inter-connected through social media, it becomes imperative that users are careful about what permissions are granted to apps, and regularly review whether those permissions are still needed.
Enterprises should be mindful that these types of attacks are not limited to individuals; corporate services can be compromised in the same way, with far greater consequences.”
Jens Monrad, Senior Intelligence Analyst at FireEye:
“On the 11th of March, shortly after the Dutch authorities prevented foreign minister Mevlut Cavusoglu from flying to Rotterdam, we observed disruption attacks carried out against Rotterdam The Hague Airport’s website. The DDoS attack was most likely carried out by a Turkish hacktivist group that appears to be motivated by Turkish nationalism and pro-Islam ideologies. There were several other disruption and web-defacement attacks carried out after the news broke about the prevention of Mevlut Cavusoglu’s travel to Rotterdam, including an attack against the website owned by Dutch politician Geert Wilders; several enterprises in the Netherlands were also targeted.
Politically motivated cyber attacks in general thrive on making as large a media impact as possible, and therefore it is expected to see these attacks whenever a political conflict escalates.
The attacks are typically disruptive attacks, using distributed denial of service and also web defacements, where the individual or group replaces the front page with a political message.
With the current political conflict between The Netherlands and Turkey, we have observed an increase in takeovers of high profile social media accounts, such as those belonging to celebrities, NGOs and companies. Attackers are compromising third-party applications which have access rights to these accounts, and then sharing political messages.
Ultimately, this trend will only get worse. Cyber threats don’t move backward. If anything, the barrier to entry only becomes lower over time. Politically motivated cyber attacks such as those targeting social media will only become more effective as we become more reliant on these technologies.”
David Emm, Principal Security Researcher at Kaspersky Lab:
“This is a clear example of where a third-party provider’s weakness has impacted very widely, not only on the provider itself, but also on Twitter and thousands of its users, including some very high-profile businesses and organisations. If Twitter users believe their account has been affected, they should change their password immediately. However, it is critical that people understand the permissions agreed to when downloading apps. Kaspersky research recently found that 63 per cent of consumers neglect to read the license agreement carefully before installing a new app on their phone, and one in five (20 per cent) never read messages when installing apps. This means an alarming number of people are leaving their privacy – and the data on their phones – exposed to cyber-threats due to poor app safety practices.
To protect themselves people should:
- Only download apps from trusted sources
- Select the apps you wish to install on your device wisely
- Read the license agreement carefully during the installation process
- Read the list of permissions an app is requesting carefully. Do not simply click ‘next’ during installation, without checking what you are agreeing to
- Use a cybersecurity solution that will protect your device from cyber-threats
As best practice, Kaspersky would advise that app creators themselves aim to be as transparent as possible in the way they present their permission requests, to make people’s decisions easier.”
Mark James, Security Specialist at ESET:
“For Twitter, this can be done on their website. Head to “Profile and Settings” and choose “Settings and Privacy” then select “Apps”. If you have associated any services you will see them listed here with an option to “Revoke Access” as a tab to click. One of the nice things here is seeing when it was approved, so you could determine if it’s still valid and if not remove it. If you make a mistake you can always click the “Undo Revoke Access” button to put it right. While you’re at it why not check Facebook as well – go to the Facebook website and choose “Settings” from your profile, select “Apps” and review what does and does not have access to your data and profile.”
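Both the AlienVault and ESET comments above come down to the same housekeeping task: look at every third-party app that holds a grant on the account, note when it was approved and whether it is still used, and revoke the ones that no longer earn their access. The script below is an added example of that audit, not code from the article or from any vendor quoted in it. Because platforms differ in what they expose, the JSON shape of the grant list, the scope names (`read`, `write`, `direct_messages`), the `last_used` field, the app names and the 90-day idle policy are all assumptions; the sample export is constructed for the example.

```python
"""Audit third-party app grants on a social-media account and flag the
ones worth revoking.

Added example, not code from the article or from any vendor it quotes.
The grant records mimic what Twitter's "Apps" settings page shows (app
name, permissions held, approval date); the JSON shape, scope names and
`last_used` field are assumptions, since platforms differ in what they
export.
"""
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, List, Optional, Tuple

# Permissions that let an app act as the account holder rather than just
# read the timeline. Scope names are assumptions.
WRITE_SCOPES = frozenset({"write", "direct_messages"})


@dataclass(frozen=True)
class Grant:
    app: str
    scopes: FrozenSet[str]
    approved: datetime
    last_used: Optional[datetime]


def parse_grants(raw: str) -> List[Grant]:
    """Parse the assumed JSON export into Grant records (timestamps are ISO 8601 with offset)."""
    grants = []
    for item in json.loads(raw):
        last = item.get("last_used")
        grants.append(Grant(
            app=item["app"],
            scopes=frozenset(item["scopes"]),
            approved=datetime.fromisoformat(item["approved"]),
            last_used=datetime.fromisoformat(last) if last else None,
        ))
    return grants


def stale_grants(grants: List[Grant], now: datetime,
                 max_idle_days: int = 90) -> List[Tuple[Grant, str]]:
    """Return (grant, reason) pairs for grants that should be revoked.

    Policy (an assumption; tune to taste): anything with no activity for
    more than max_idle_days is reported. A grant that was never used since
    approval, or one that can post or read DMs, is the more urgent case.
    """
    cutoff = now - timedelta(days=max_idle_days)
    findings = []
    for g in grants:
        last_activity = g.last_used or g.approved
        if last_activity > cutoff:
            continue  # recently approved or recently used: leave it alone
        if g.last_used is None:
            findings.append((g, "never used since approval"))
        elif g.scopes & WRITE_SCOPES:
            findings.append((g, "write-capable and idle"))
        else:
            findings.append((g, "read-only and idle"))
    return findings


def audit(raw: str, now: datetime, max_idle_days: int = 90) -> Dict[str, str]:
    """Convenience wrapper: app name -> reason, for every grant to revoke."""
    return {g.app: reason
            for g, reason in stale_grants(parse_grants(raw), now, max_idle_days)}


# Constructed sample export (not real data, app names are hypothetical).
SAMPLE_EXPORT = json.dumps([
    {"app": "cross-poster", "scopes": ["read", "write"],
     "approved": "2016-01-05T10:00:00+00:00", "last_used": "2017-03-14T08:30:00+00:00"},
    {"app": "stats-dashboard", "scopes": ["read"],
     "approved": "2015-06-02T09:12:00+00:00", "last_used": "2016-02-01T12:00:00+00:00"},
    {"app": "old-scheduler", "scopes": ["read", "write", "direct_messages"],
     "approved": "2016-06-10T14:00:00+00:00", "last_used": "2016-09-01T07:45:00+00:00"},
    {"app": "quiz-game", "scopes": ["read", "write"],
     "approved": "2017-03-10T18:20:00+00:00", "last_used": None},
    {"app": "contest-entry", "scopes": ["read", "write"],
     "approved": "2016-01-20T11:00:00+00:00", "last_used": None},
])

# Fixed "now" so the example is reproducible (assumed audit time).
AUDIT_TIME = datetime(2017, 3, 15, 9, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for app, reason in audit(SAMPLE_EXPORT, AUDIT_TIME).items():
        print(f"revoke {app!r}: {reason}")
```

On the constructed data, `cross-poster` is left alone because it posted yesterday, and `quiz-game` is left alone because it was approved only five days ago and has not had a chance to be used; the other three are flagged. The point of ranking write-capable and never-used grants above idle read-only ones is that a compromised app with write scope is exactly what let the attackers in this incident tweet as the account holders.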
Gavin Millard, EMEA Technical Director at Tenable Network Security:
“Twitter has a history of responding well and quickly to these kinds of incidents. For the rest of us who weren’t directly affected, there are much more important things we should be concerned about when it comes to security.
“To protect your online identity and social profiles, most platforms (including Twitter) allow for a secondary step in authentication. Enabling two-stage verification dramatically increases the difficulty for a malicious user to take over your account.”
Alex Mathews, lead Security Evangelist at Positive Technologies:
“Thus, in most cases, connecting your Twitter or Facebook account to such services is like giving your passport to a perfect stranger. Social network users have to control these apps on their own. You’d better not connect your account to new services from untrusted sources, and disconnect them when you don’t really need them.”
Robert Capps, VP of Business Development at NuData Security:
“If Twitter were a country, it would be the 12th largest in the world, with over 100 million users logging in daily and continually growing. The size of its membership and its capacity as a live media source of information make it an attractive and vulnerable target for account takeovers. By hijacking accounts, bad actors have access to the audiences of celebrities and brands with thousands of followers, and can also leverage hashtags and lists to push that reach further. It’s a reminder for everyone to use unique, strong passwords on every site, and to consider using a password manager like 1Password or LastPass for easy generation of strong, unique passwords, as well as storage and encryption of those passwords.”
Dan Nadir, Vice President Digital Risk Products at Proofpoint:
“The complexity and the high rate of activity on those corporate accounts make it difficult to find a compromise until it is too late. Outside of just the content being posted, we see up to 50 changes a day around apps authorized, admins added, and descriptions and pictures changed on busy media and brand accounts. Once a compromise happens, the initial embarrassing content posted is the most visible item, but it is really just the beginning of the pain. A busy Twitter account can send up to 400,000 direct, private messages to followers and other admins per month. Once compromised, the organization has to assess whether other admins and even customers have been compromised. In addition, they need to determine whether those credentials are the same credentials used for other enterprise applications and access.”
Paul Fletcher, Cybersecurity Evangelist at Alert Logic:
The opinions expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.