Never underestimate the determination of someone who is time-rich and cash-poor. Hackers in this case are experimenting with technology and pushing it in ways people have never imagined, and the example below brings the issue closer to home.
Let's take Twitter this week, when the Associated Press Twitter account was hacked and the group responsible tweeted that there had been explosions in the White House and the President was injured. This must set off alarm bells at every major company that uses Twitter: the Tweet was read by thousands instantly, spreading like a rumour as it was retweeted and posted over the internet, even causing the Dow Jones stock market to slip 1%. The AP account came out shortly after, announcing that this was a false Tweet and that the account was suspended, but it just shows how impactful a single Tweet can be.
This just shows how important Twitter has become. Twitter is now used in business for all sorts of purposes. For example, Bloomberg now have Twitter feeds in their terminals to monitor market activity and chatter relating to their field of expertise; they do not base market decisions solely on this information, but it certainly has an influence. Businesses all over the world see Twitter as not only a social tool but a business tool, and as such they must not underestimate the people who are hacking these accounts. The reputational damage that can be done to a company now is huge.
I went to a presentation by Peter Hinssen only 12 months ago and listened to him speak about the importance and value of Twitter as a tool for businesses. True, it is a great tool with audiences that are huge, but the risk is now also becoming a concern. When you consider what you need to log in, a username and password (UN and PW), it is not difficult to imagine this could be broken. I have had my social media accounts hacked, but they are personal and hold no key information; the most damage they did was upset my friends with dodgy links on their walls.
Twitter needs to incorporate two-factor authentication so that the username and password entered can be verified, such as a text coming to you with a code in it so you can verify to the server that you are the owner of the account. Microsoft, Google and Apple all now offer this, but it seems the one behind the curve is arguably the most influential.
Security is a buzzword in the industry at the moment and everyone has different views on what security entails, especially in how they apply security in their business. I have said this before and I will say it again: if you understand security in this industry and can articulate it in a way that people get, you will be hugely successful. It's almost a grey area that no one wants to get involved in, and why is that? Because it is not easy and is very complex! Twitter are actively recruiting now for senior security people to revamp their security. The new generation of cyber criminal needs a new generation of cyber police, and Twitter are starting to get this.
If I were involved in or responsible for a large company's security I would be looking at the above and giving this some serious thought, along the lines of: where are the lines of my security? The answer to that is there are no strict lines of defence anymore. The internet and social media are accessible by all; the slightest leak in your ship and a flood will be imminent. I have been to a lot of RSA sessions and also security centres, and the ability they have to monitor, track and analyse security is quite incredible. In my view, if people are not looking to these measures or similar, it is a big risk.
On another note, you also have to consider how quickly this Tweet was revoked. Do you think that this was just chance, someone casually browsing Twitter who happened to stumble upon it? Think again. Major organisations have social media monitoring and analytics used for a variety of purposes, from customer satisfaction to rebuffing negative comments about their respective business on the internet. For example, it was made clear through various blogs and posts that the Obama Office was using data analytics to monitor people's thoughts and posts and to counter-argue on forums.
That’s another story for another day, but my point here is this: look at what has been done with a single Tweet and some invested time, resulting in huge impact. Security may be a subject on most IT professionals' minds, but it extends much further and should be looked at very seriously.