Beware of imposter ‘tweeters’

By Phil Elmore

Have you heard of Twitter? According to the website, Twitter “is a service for friends, family and co–workers to communicate and stay connected through the exchange of quick, frequent answers to one simple question: What are you doing?” I first became aware of Twitter while reading the insightful conservative editorial cartoon Day by Day by Chris Muir. On Muir’s website, where the cartoons appear, there is a little blue Twitter box that contains one-line messages. Sometimes the messages are references to the strip, and other times they do indeed indicate what Muir, the site owner, is up to at that moment.

How popular is it? Twitter Facts reported last year that the site has something like 1 million users. The most famous of these have thousands of followers – individuals who track the personal messages from those Twitter users. Twitter user Barack Obama, for example, is said to have between 15,000 and 20,000 followers. All of this might seem relatively benign to you, and for the most part, you’d be correct. Even Twitter’s own website says, quoting a Twitter user, that the site “is one of those things, like MySpace, that sounds totally ridiculous and stupid when you first hear about it.” The idea of tracking brief messages from family, friends, coworkers and celebrities certainly seems harmless enough. But even this cutesy social networking application has its vulnerabilities. Twitter has become the newest platform for identity theft. In this case, it isn’t the user’s credit rating that’s vulnerable. The theft appropriates the user’s credibility, stealing the individual’s reputation by allowing the impersonating hijackers to communicate with other Twitter users.

TechNewsWorld reported Tuesday that 33 high-profile Twitter accounts had been breached (including Barack Obama’s and Britney Spears’). “The significance [of the breached accounts],” TechNewsWorld quoted Richard Wang, manager of an anti-virus and anti-spam firm, “is that hackers accessed tools that were designed for use by Twitter support staff. Although they targeted high-profile individuals … the attack could have been much more subtle and serious.” What he means, according to TechNewsWorld’s analysis, is that it’s one thing for someone to start “tweeting” to others as Barack Obama, saying outrageous and obviously false things. It’s quite another for a hacker impersonating you on Twitter to subtly and irrevocably harm your reputation. Suddenly your answers to the question, “What am I doing?” might be things your friends, family or employer would find offensive. What if your Twitter account transmitted that you were “having an affair,” or that you were “busy hating niggers”? You can imagine the havoc a malicious hacker could wreak.

What’s worse, while cybercrime and identity theft – or the threat of same – are on the rise in our increasingly technologically connected world, you as an individual would have very little credibility if you tried to dispute statements made through your own Twitter account. Ask yourself: If you were following the account of a coworker, and you found things that coworker said to be incredibly offensive, would you believe that individual if he tried to claim that he wasn’t responsible for what was posted there? Would you have any reason to take him seriously if he claimed mysterious hackers had temporarily “tweeted” on his behalf? More importantly, if the roles were reversed and the offended party was your boss, do you think he would believe you?

Information Week claimed Monday that Twitter “has been dogged by privacy and security issues,” citing a software vulnerability identified in July, a false Twitter spam account created this past December to impersonate Google VP Vint Cerf, and accusations made by a tech blogger in November that took Twitter to task for too freely transmitting credentials to other applications. An apparently unrelated phishing attack, in fact, coincided with the breach of the Twitter accounts, falsely appropriating Twitter users’ credentials by preying on their willingness to enter usernames and passwords when prompted.

Most of us who use e-mail are aware of the fact that we should not send money to random Nigerian royalty who contact us with the promise of millions of dollars if only we send them a few thousand. Most people with online accounts (of varying kinds) know enough not to give out their user names and passwords when randomly asked, and quite a few of us realize that our banks, online gaming services, and Internet video and image hosting sites won’t contact us through chat windows to verify our usernames and security hints. You wouldn’t give your Social Security Number and birth date to just anyone calling you on the phone, I hope; our society has become reasonably hip to identity theft issues. We take precautions accordingly.

What is truly insidious about this new form of identity theft, however, is that it has nothing to do with our financial information (necessarily). Rather, it is truly identity theft, because those Twitter users victimized in this manner have their very voices stolen. Text on a screen is text on a screen. You have no way of knowing if the person writing to you on Twitter truly is that individual … but you have no reason to suspect otherwise. You will, therefore, tend to accept, without question, that the messages coming from Barack Obama, Britney Spears, your friends, your family and your coworkers really are from them. When you become upset by something they have to say, it is them you will blame, and not the anonymous cyber-thieves who have done this simply because it is fun to damage ordinary people’s lives.

Social networking sites aren’t going away any time soon. There’s no reason you shouldn’t use one, necessarily. You must, however, keep personal security issues in mind when you join, post to, participate in and receive communications from any such service. The text messages that link us through online forums, newsgroups, chat programs and other data feeds can be dehumanizing. Remember that the real people on the other end might not be the ones you expect.


Phil Elmore

Phil Elmore is a freelance reporter, author, technical writer, voice actor and the owner of Samurai Press. Visit him online at www.philelmore.com. Read more of Phil Elmore's articles here.