[ISN] Priyanka's twitter update could be security threat

From: InfoSec News <alerts_at_private>
Date: Tue, 1 Dec 2009 03:10:21 -0600 (CST)
http://www.mid-day.com/lifestyle/2009/nov/231109-Priyanka-Chopra-Twitter-account-Security.htm

[Ankit Fadia, India's uber hacking expert, appears to heavily promote 
Viagra, or been hacked by evil spammers that found a way to subtly 
deface the web page. - http://attrition.org/errata/sec-co/fadia01.html - WK]


By Kumar Saurav 
Mid Day
2009-11-23 
Mumbai

Not just Priyanka Chopra, but any celebrity or public figure's Twitter 
updates can jeopardize national security, claims 24-year-old ethical 
hacker Ankit Fadia  

Mumbai-based cyber security consultant Ankit Fadia, who claims that his 
website Hacking Truths was judged as the second best hacking site in the 
world by the FBI, says social networking sites are the latest threat to 
India's security. The potency and penetration of social networking in 
the country has made it possible for anyone to track and connect with 
film stars, politicians and other public figures who were once beyond 
reach.

Karan Johar, Priyanka Chopra, Aishwarya Rai, Shashi Tharoor and Barack 
Obama are just a few from a whole bunch of celebrities who update their 
Twitter status regularly. But "are they doing it wisely?" is what Fadia 
asks.


Why are you apprehensive about celeb tweeting?

If you follow celebs, you'll observe that they disclose information on 
where they are shooting, what their shooting schedule looks like and the 
hotel they are put up at. Unintentionally, they are inviting trouble, 
because troublemakers are hungry for such information. 


Any instances?

Singer Britney Spears' account on Twitter is hacked almost once every 
two months. One of the hackers even claimed on her wall that he's her 
public relations officer and that Britney is dead, with details about the 
date and venue of her funeral.

Indian politico Shashi Tharoor's account has been hacked several times 
too. Even Big B and Aamir Khan's blogs were hacked. Once a blog, website 
or social networking account is hacked, a hacker has full control over it. 
He can spread rumours, communicate with fellow criminals, and indirectly 
make you a partner in their crime. 


How would you rate the technical stylishness of terrorists?

They are far ahead. When I was asked by the US intelligence to decode 
some scripts after the 9/11 attacks, I was stunned to see the kind of 
technology they used to communicate. The agencies had tracked some 
emails where a few individuals were frequently exchanging photographs of 
Canadian rockstar Avril Lavigne. Hidden text messages that aren't 
visible to the naked eye were being exchanged through these pictures.


What about Mumbai's 26/11 terror attacks?

For 26/11, they had used highly secured Voice Over Internet Protocol 
(VOIP) like Skype to communicate with each other. The data on VOIPs' 
servers is so huge that by the time you track them, the damage has been 
done and criminals are out of reach. The 26/11 terrorists had used the 
"proxy bouncing" technique, wherein they were sending messages through 
a Saudi Arabia-based server, while they were actually sitting in 
Pakistan. 


Why is tracking such messages so difficult?

They know the loopholes, and how to use them effectively. Suppose three 
terrorists A, B and C want to communicate with each other, what they do 
is create a Twitter account and follow each other, thus forming a closed 
group. So if A posts a message saying "Plant Bomb at Parliament at 11 
am", just B and C will be able to see the message. And since Twitter is 
based in the US, Indian authorities wouldn't have control over this 
exchange of messages.

Tracking messages is another problem. I will track a suspicious mail 
only if it's sent. If A wants to communicate with B, he will type an 
email and save it as a draft instead of sending it. Now B, who has A's 
password, will log in to A's account and read the mail in the "Draft" 
folder. Since the mail hasn't been sent, it becomes almost impossible to 
track it. 


How do spammers and hackers operate in social networking sphere?

There are viruses, worms, spyware and malware that spread through social 
networking websites. One day, you receive a private message from one of 
your friends (who is already infected) containing a link to a YouTube 
video. Halfway through the video, it will prompt you to download some 
video plugin. Since the message comes from your friend, you trust it, 
but the moment you click it, you get infected. Get rich quick schemes, 
earn money online scams and various money laundering attacks now come 
through social networking sites.


Received on Tue Dec 01 2009 - 01:10:21 PST