Cisco Blogs

Don’t Let Others Tweet On Your Behalf!

- December 9, 2010

Hackers recently gained control of an Indonesian government Twitter account and used it to broadcast a false warning of an impending tsunami in Jakarta, Indonesia to over 8,000 followers. While this was by no means considered a catastrophic event, it certainly, I’m sure, caused a bit of chaos and disruption for the people in Jakarta and the surrounding areas. Doesn’t this sound like the 21st century version of yelling “Fire” in a crowded movie theater? In any event, as is the case with any failure related to technology, there are some important lessons to be learned from this miscreant-generated Tweet… or shall we call it a “MisTweet”?

The lessons learned and subsequent recommendations that follow go beyond the use of Twitter – in fact, most of these apply to any and all forms of Internet-based communications.

  • Keep in mind that, regardless of the source (who, what, or where) of the information that we receive, there is a possibility that this information is spoofed (i.e. not coming from who we think it is coming from) and/or false. In other words, unless we’re speaking face-to-face with someone whom we know to have reliable information, we truly don’t know and can’t verify the veracity of the data.
  • Once we put any information out there on “the wire”–by text, email, chat, IM, or social media–it cannot be taken back or retrieved. So…be careful what you send and to whom you send it; it’s also a very good idea to proofread a time or two before hitting that SUBMIT/SEND button!
  • Protect your online accounts with strong, non-trivial passwords that are not easy to guess.
  • Utilize safer password-retrieval mechanisms. For example, many online account passwords (if forgotten) can be retrieved through your email account. Well… if your email username is trivial (or known, for that matter) AND you use the same (or a similar) password as for a previously compromised online account, then the hacker who just stole the credentials for your Twitter account (using Twitter purely as an example) may have already hacked into your email account. Yep, that same email account to which your new Twitter password was just sent! Many online accounts are now sending SMS messages to your cell phone to confirm you are who you say you are! Avoid using publicly available information for those accounts that use “security questions” to confirm your identity. For example, many people include things such as hometown, high school, and college information on sites such as Facebook and then use similar (or identical!) information for their online account security questions.

Luckily the Indonesian Twitter fiasco did not result in any serious consequences; however, the next time someone maliciously sends emergency notifications via a social network medium we may not be as fortunate, so make sure your online accounts are well protected.

