Helen (heleninwales) wrote,


More about the Twitter hacking and a PSA about apps

Thanks to trenton22 for providing a link to tacit's account of a similar hacking, I am now of the opinion that the attack came via Twitter itself and wasn't my account being directly hacked. I changed the password and removed a suspicious app yesterday, so realising that the attack wasn't personal gave me the confidence to re-activate the account in order to see what had been going on. The first tweet made by the hackers was on 14 December, the exact same date the strange apps were approved on tacit's account.

Here is tacit's summary of what is going on:

"So to recap: Attackers are gaining access to large numbers of Twitter accounts and using them to spam malware. The malware is an off-the-shelf package designed to allow its users to profit from click fraud; the malware authors operate a site hosted on hostzealot.com. The compromised Twitter accounts have read/write access granted by malicious Twitter apps. They're being used to spread links to the InstallMonster malware, probably not from the malware's actual authors, but from people who've bought a copy of InstallMonster and customized it to direct money to them. (That's increasingly the way the malware industry works: people create turnkey malware kits which they then sell to other criminals.)

IF YOUR TWITTER ACCOUNT IS HACKED: It's not enough just to change your password! You must also go to your Apps control panel in your profile and revoke access to the malicious apps!"

I'm pretty sure I didn't compromise the account myself. In recent months I haven't logged on from anywhere other than my home computer, so I haven't left a computer logged on where someone could access my account. The password was a random string of letters with a squiggly bracket in the middle like so {. It was therefore un-guessable. So it was either brute forced or, as tacit suggests, someone has somehow managed to find a back door to connect their app to people's accounts without their knowledge. My password hadn't been changed, just a suspicious app enabled. I also suspect it was somehow automated because who would bother manually hacking an account with 5 followers? :)

So, I'm giving Twitter a second chance. I have deleted all the dodgy tweets and blocked another spammy looking account who seemed to be able to get messages into my stream, even though I wasn't following them. However, I will look in there every day from now on to check for suspicious activity. And Twitter is most definitely on probation. Any more problems and the account goes for good.

If any of you are on Twitter, you might like to check the Apps settings regularly and watch out for anything dodgy appearing. If it does, remove it immediately.
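The reason a password change on its own is not enough, as tacit says above, is that an authorised app holds its own access token, which is checked separately from the password. The following toy model is an added example, not code from this post or from Twitter (the Twitter API does not expose an endpoint that lists a user's authorised apps, so this is a simulation, not a client); the account, app names, dates and the `suspicious_grants` audit rule are all constructed for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from datetime import date

# Toy model (constructed for this example, not a Twitter client): an account
# has a password and a set of app grants; each grant carries its own opaque
# access token that is validated without ever touching the password.


@dataclass
class AppGrant:
    app_name: str
    scope: str              # "read" or "read-write"
    granted_on: date
    revoked: bool = False


@dataclass
class Account:
    username: str
    salt: bytes
    password_hash: bytes
    tokens: dict = field(default_factory=dict)   # access token -> AppGrant


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_account(username: str, password: str) -> Account:
    salt = secrets.token_bytes(16)
    return Account(username, salt, _hash_password(password, salt))


def login(account: Account, password: str) -> bool:
    """Password check: the only path a password change actually affects."""
    return secrets.compare_digest(account.password_hash,
                                  _hash_password(password, account.salt))


def authorize_app(account: Account, app_name: str, scope: str, granted_on: date) -> str:
    """Issue the app its own bearer token (OAuth-style); the app never sees the password."""
    token = secrets.token_urlsafe(24)
    account.tokens[token] = AppGrant(app_name, scope, granted_on)
    return token


def check_token(account: Account, token: str):
    """Return the grant behind a token if it is still live, else None."""
    grant = account.tokens.get(token)
    if grant is None or grant.revoked:
        return None
    return grant


def change_password(account: Account, new_password: str) -> None:
    """Rotates the password only; existing app tokens are left untouched."""
    account.salt = secrets.token_bytes(16)
    account.password_hash = _hash_password(new_password, account.salt)


def revoke_app(account: Account, app_name: str) -> int:
    """Revoke every live token held by the named app; returns how many were revoked."""
    count = 0
    for grant in account.tokens.values():
        if grant.app_name == app_name and not grant.revoked:
            grant.revoked = True
            count += 1
    return count


def suspicious_grants(account: Account, known_apps: set, since: date) -> list:
    """Audit rule (constructed): flag live grants that are unrecognised, or that are
    write-capable and were granted on/after `since` (e.g. the day the spam began)."""
    names = set()
    for grant in account.tokens.values():
        if grant.revoked:
            continue
        unknown = grant.app_name not in known_apps
        recent_write = grant.scope == "read-write" and grant.granted_on >= since
        if unknown or recent_write:
            names.add(grant.app_name)
    return sorted(names)


if __name__ == "__main__":
    # All values below are constructed; the year is arbitrary.
    acct = create_account("helen_example", "qZ{p7w")
    good = authorize_app(acct, "MyTweetClient", "read-write", date(2013, 11, 1))
    bad = authorize_app(acct, "Free Followers 4 U", "read-write", date(2013, 12, 14))
    change_password(acct, "newsecret")
    print("bad app still works after password change:", check_token(acct, bad) is not None)  # True
    print("flagged:", suspicious_grants(acct, {"MyTweetClient"}, date(2013, 12, 14)))
    revoke_app(acct, "Free Followers 4 U")
    print("bad app works after revoke:", check_token(acct, bad) is not None)  # False
```

The point the model makes is the one in the post: `change_password` invalidates old logins but not app tokens, and only `revoke_app` cuts the app off. The `suspicious_grants` check is the manual "look at the Apps page" habit written down: anything you don't recognise, or anything with write access that appeared around the date the spam started, is what to remove first.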