Twitter hacking: A cautionary tale

Opinion writer Edward Searle looks at the recent Twitter hack and questions many internet users’ naivety towards protecting themselves on the internet

About two weeks ago my Sri Lankan flatmate asked me if it would be safe to buy something over the internet from Amazon. It struck me how completely wary she was of online shopping when, as a whole, our generation is relatively nonchalant about the notion. But perhaps she was right to worry about the internet, as only this week, the social networking site Twitter was hacked, leaving roughly 250,000 users with their accounts compromised.

The attack was aimed at stealing passwords, usernames, emails and other data, and follows similar attacks on the Wall Street Journal and New York Times. Arguably, as only 250,000 people out of a possible 200 million users were affected, the attack was relatively low scale and unimportant. Yet when you consider that among those who may have been affected were President Obama and Vice President Joe Biden, or that the attackers could have accessed personal information about you that nobody else knows, you begin to worry. The information security director for Twitter, Bob Lord, stated that the “attack was not the work of amateurs” and instead was the work of “highly sophisticated attackers”.

In 2011, the Sony PlayStation Network, which stores a mass of personal and credit card information, was hacked, leaving the system unavailable for numerous days. It seems the days of bogus websites and simple viruses are behind us. This kind of attack works by presuming that the passwords we use on sites such as Twitter will be the same as the ones that we use for our banking. Social networking sites have a large user membership and seem easier to hack than a bank directly, making them what seems to be a perfect victim. Then, to increase the risk, fake emails or direct messages will be sent to user accounts asking them to follow dangerous links in order to rectify the problem. This spam requires the utmost caution, and works in similar ways to the emails we’ve all received with the subject line reading ‘Viagra’ or ‘Penis Enlargement’. The scary ease of such a hack raises the debate about whether we should keep the same passwords and usernames across the different websites we use. Are we putting ourselves at an unnecessary risk? It seems to be something that is so obvious, yet something that we all probably have slipped up on. This naivety is worrying as we could all lose so much, so quickly.

Why is it that we make the hacker’s life so much easier? There has always been a problem with passwords. It has been said that the average 6-letter lowercase password takes around ten minutes to crack. Mine are at least relatively complex, involving a combination of letters, numbers and symbols, but from what I’ve experienced I’m very much in the minority. Most of us use our names, or birthdays. Many of us write our passwords down, which is fair enough, but then leave them in the most obvious place. The diary, the notice board, in a computer file labelled ‘passwords’. My other flatmate has all of his listed on a whiteboard above his desk, the same desk where his laptop can usually be found unattended. Signing him up for online dating or spamming his Facebook is amusing, yet it illuminates how easy it is to access something which you’re not supposed to. In a world of hacking and fraud, which can strike so easily and at any given time, it’s bewildering that we don’t do more to guard against such risks.