[+] Wayc0de's Blog[+]


25/10/11

So I Googled your name and found.. a Twitter phishing attack! [video]

Sometimes they claim to have found a funny picture of you, say that you look like you've lost weight, or that there's a horrible blog going around about you.

Whatever the nature of the disguise used by phishing attacks on Twitter, the modus operandi is always the same. Scammers will send you a message, possibly from the compromised account of one of your Twitter followers, and use a social engineering lure to trick you into clicking on the link.

And that link will, inevitably, lead to a fake Twitter login page - designed to grab your username and password which can then be used to send out more spam, or to break into your other online accounts.

Here's the latest attack, which arrives in the form of a Direct Message (DM) from one of your Twitter pals, claiming that they have searched for you on Google and found some "really funny stuff" about you.

Twitter phishing attack via Direct Message
so i googled your name and found some really funny stuff about you lol its archived here [LINK]
Would you click on the link? Well, if you were tempted to do so your web browser would end up on a fake Twitter page just waiting for you to enter your username and password.

Fake Twitter login page

And if you do enter your details, you've been phished. Ouch.
Hopefully, you're not one of the many people who use the same password on multiple websites - otherwise cybercriminals might not just be able to send spam from your Twitter account, they may also have just been handed the skeleton keys for other parts of your online existence.

That could mean that scammers can now steal your personal information for financial gain.

Password chart

If you found your Twitter account was one of those sending out the phishing messages, you shouldn't just change your password and consider if you are using the same password elsewhere. It's also a sensible time to look again at how you choose your passwords.

For instance, it's important that you don't use a word from the dictionary as your password. It's easy to understand why computer users pick dictionary words as they're much easier to remember, but as I explain in this video a good trick is to pick a sentence and just use the first letter of every word to make up your password.



(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Password security is becoming more important than ever. Make sure that you're taking the issue seriously, or suffer the consequences.

There's some other house-cleaning you should do on your Twitter account too. Visit the Applications tab in "Account Settings", and revoke access for any third-party application that you don't recognise.

Follow me on Twitter if you want to keep up-to-speed with the latest threats, and learn how to protect yourself.

17/10/11

NHS Direct Twitter account compromised by Acai Berry diet spammers

NHS Direct, the UK helpline which provides expert health advice via the telephone and internet, has had its Twitter account taken over by spammers promoting an Acai Berry diet.

At 10:40pm UK time on Sunday night, the NHS Direct Twitter account posted the following message:

Spam tweet from NHS Direct
Are you wanting to lose some weight? i highly suggest this [LINK]
Because the NHS Direct service is well-known in the UK for providing health advice, it's possible that some followers might have thought that the link was genuine, and clicked on it.

Fortunately, Twitter is now identifying the webpage pointed to by the shortened link as "potentially harmful", but anyone who had clicked would have been taken to a bogus news website promoting an Acai Berry diet:

Acai Berry diet website
The sneaky marketroids trying to sell their diet pills present their webpage as though it were an online news report.

Eagle-eyed readers may notice that the diet website appears to be remarkably similar to the Acai Berry website linked to in another recent attack - where a BBC Rugby correspondent mysteriously started tweeting messages about needing to lose a few pounds.

What's not clear is just how the @NHSDirect Twitter account was hacked. It could be that the password was compromised, similar to another Acai Berry spam campaign we saw on Twitter at the end of last year following the Gawker password breach.

After all, too many users (perhaps as many as a third) are still using the same password for every website they access.
My hunch, however, is that NHS Direct's Twitter account has been phished - maybe by something like the current "Horrible blog going about you" attack.

If your account on Twitter has been compromised, make sure you change your password to a non-dictionary word - and be sure to also change any other online accounts where you might be using the same password. Far too many people use the same passwords on multiple sites, which obviously increases your chances of being hacked.

Aside from changing your passwords, it would also make sense to scan your computer with an up-to-date anti-virus and check that you have the latest security patches in place.

If you want to be kept up-to-date on the latest security threats on Twitter and elsewhere on the net, follow me on Twitter.

16/10/11

Horrible blog going around about you? Or a Twitter phishing attack?

You may not realise it, but your Twitter account is worth money.

Cybercriminals are keen to compromise your Twitter account, so they can spam out messages (either as public tweets, or less obvious direct messages to your online friends) in the hope that some recipients will click on the links.

What lies at the end of the links can vary. It might be a webpage offering you a new wonder diet, or a pornographic website, or a link to a download designed to infect your computer.

But first they need to commandeer your Twitter account, and the simplest way for them to do this is just to ask you for your Twitter username and password.
Here's an example of the latest attack that has been seen on Twitter. The message arrives in the form of a direct message (DM), and has a pretty enticing reason for you to click on the link:

Phishing tweet
Read this yet? horrible blog going around about you [LINK]
In the example above, the DM has come from an account that has already fallen victim to the scammers. Ironically in this example, shared with us by Naked Security reader @basexperience, the owner of the account which has been taken over by cybercriminals is a division of the UK's Sussex Police Force. Whoops.
So, what happens if you click on the link?
Well, you'll be taken - via some redirects - to a website which looks like this.

Twitter phishing website

At this point, you think that your Twitter session has timed out - and you may well be tempted to enter your userid and password.

Stop. Right. There.

Let's take a closer look.

Close-up of Twitter phishing website

Did you notice? This site isn't the real twitter.com - it's a lookalike phishing site called "twittelr", designed to steal your login credentials so cybercriminals can use your account to spew out spams, scams and other nasty links. They could even read your private DMs if they wanted.

If your Twitter account has been sending out messages that you didn't authorise, change your password immediately (make sure it's unique, and you're not using it anywhere else on the web), and visit Settings/Connections to double-check that you have only allowed applications you are comfortable with to integrate with your account.
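A defender-side check for the lookalike-domain trick described above, written as an added example rather than code from the original post: the only page-specific value is the "twittelr" host; the legitimate-domain list, the edit-distance threshold, the helper names and the sample DM are constructed assumptions.

```python
"""Flag lookalike login-page hosts (e.g. twittelr.com posing as twitter.com).

Added example, not code from the original post. LEGIT_DOMAINS, the distance
threshold, SAMPLE_DM and all function names are assumptions for illustration.
"""
import re
from urllib.parse import urlparse

# Domains the user genuinely intends to log in to (assumption: only Twitter).
LEGIT_DOMAINS = {"twitter.com"}

# Constructed sample DM modelled on the one quoted in the post.
SAMPLE_DM = ("Read this yet? horrible blog going around about you "
             "http://twittelr.com/login?session=expired")

URL_RE = re.compile(r"(?:https?://|www\.)\S+")


def levenshtein(a: str, b: str) -> int:
    """Edit distance between a and b (standard dynamic-programming version)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def hostname(url: str) -> str:
    """Lower-cased host of a URL; a missing scheme is tolerated."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower().rstrip(".")


def registered_domain(host: str) -> str:
    """Last two labels of a host (api.twitter.com -> twitter.com).

    Assumption: multi-label public suffixes such as co.uk are not handled;
    that is enough for the twitter.com-style hosts the post discusses.
    """
    return ".".join(host.split(".")[-2:])


def classify(url: str, max_distance: int = 2) -> str:
    """Return "legit", "lookalike" or "unrelated" for a login-page URL.

    "lookalike" covers three tricks: a near-miss spelling of the brand
    (twittelr.com), the brand used as a subdomain of another domain
    (twitter.com.example.net) and the brand embedded in a longer label.
    """
    host = hostname(url)
    if not host:
        return "unrelated"
    domain = registered_domain(host)
    if domain in LEGIT_DOMAINS:
        return "legit"
    label = domain.split(".")[0]
    for legit in LEGIT_DOMAINS:
        brand = legit.split(".")[0]
        if brand in host:                       # brand hidden inside another host
            return "lookalike"
        if levenshtein(label, brand) <= max_distance:   # typo-squat of the brand
            return "lookalike"
    return "unrelated"


def scan_message(text: str) -> list:
    """Extract URLs from a message and pair each with its verdict."""
    urls = [u.rstrip(".,)") for u in URL_RE.findall(text)]
    return [(u, classify(u)) for u in urls]


if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE_DM):
        print(f"{verdict:10} {url}")
```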


08/10/11

Facebook/Twitter hacks by "friends" on the rise for teens and young adults

A new survey of American teenagers and young adults has discovered that three out of every 10 have had their Facebook, Twitter or MySpace accounts broken into for the purposes of snooping or impersonation.

And most know who was responsible.

The poll, conducted by Associated Press-MTV, asked a total of 1355 people between the ages of 14 and 24 about their experiences online, and suggests that the problem has doubled since 2009.

A typical scenario would be a young person leaving their computer unlocked while they leave the room, or forgetting to log out of Facebook, Twitter or an email account, giving someone else present the opportunity to snoop on emails or post an embarrassing status update using the account owner's name. Richard Lindenfelzer, a 20-year-old student from Ithaca College in New York, explained how he had left his Facebook account open, giving a friend an opportunity to post comments about his love life.

"It's meant to be funny. It's supposed to be obvious that this something I would never say," explained Lindenfelzer.

Does everyone really find it so funny though?

Clearly some people are amused by their friends' antics, but the poll found that 46 percent of people were left upset by having their online accounts intruded upon.

In some cases, it may be bitchy schoolmates who are posting hurtful things on your Facebook page in your name, designed to humiliate you. Or someone snooping on their boyfriend or girlfriend's private messages.

It's understandable that many of the victims can feel violated and distressed when their password is guessed or stolen, or a momentary lapse means they left their account open for someone unauthorised to gain access.

The fact is that unauthorised access to an online account is illegal in most countries. By sending a message from somebody else's email account without permission, or posting an offending tweet or status update, you're both breaking the law and showing disrespect to the privacy of your friend or classmate.

Two-thirds of those who said they had been hacked confirmed that at some point they had changed their passwords as a result of the incident. 46% went further, and said they had changed their email addresses, screen name or phone number. 25% had actually taken the step of deleting a social networking account.

The world is changing, and the wide access to the internet and social networking sites are presenting young people with new issues that earlier generations simply did not have to face. We all have to learn how to behave appropriately and with respect, and not think that just because something can be done (for instance, logging into a friend's email or Facebook) that it should be done.

If you act unconcerned when a friend posts a vulgar status update in your name, or blasts out an email from your account without your permission, then you are tacitly approving of the behaviour in general and not helping spread the message that accounts are supposed to be private to the individual.

04/10/11

Anonymous Twitter Alternative Created For Protesters & Revolutionaries

There was a mass of news back in August about the London riots and how social media (especially Twitter) and the BlackBerry Messenger service (BBM) enabled the rioters to organize themselves via broadcast messages and tweets.

After discovering that a lot of rioters got busted from their Tweets and BBM messages (which are of course traceable) – some smart fella came up with a new form of anonymous instant messaging. It works in a geographic location and allows you to broadcast messages within a certain locality that expire after a certain time.

This comes not long after the Anonymous social network Anon+/AnonPlus was announced back in July 2011.

After discovering that BBM and their Twittery playthings fed straight into the hands of the cops, smartphone-toting revolutionaries have taken up a new type of instant messaging – Vibe.

Like Twitter in that it is open and lets you mass-message, Vibe is unlike Twitter in that all messages or “vibes” are anonymous. You can set how far you want them to be available too – from 15 metres to global.

The messages self-destruct after a set period of time: from 15 minutes to forever. That makes it much more attractive to those who want to bring down the Man via the medium of street protest, but don’t want the Man, or their mothers, or the police looking at twitpics of themselves jumping up and down on burning bin-bags.

According to the New York papers, Vibe is now the instant messaging app of choice for the protesters at Manhattan’s #OccupyWallStreet.
It’s an interesting concept and I do think it has a certain place amongst anarchists, activists, street protesters and rioters. Case in point – it’s been picked up by the Wall Street protesters; you can search the Twitter hashtag #OccupyWallStreet to see what’s going on with them.

If you have no idea what it’s about at all, check Wikipedia here – Occupy Wall Street
The application itself has a very ‘innocent’ description on iTunes – “Discover and join the vibe around your city, neighborhood, or building. Chat anonymously with people nearby without necessarily knowing them!”
But we all know full well that that’s not its main purpose.

Though it is innocently described on the iTunes store as a good way to chat to other people near you at football games or conferences, developer Hazem Sayed is actively keen for his app to be adopted by the protesters – flying out to the Manhattan protest from California with leaflets about his app explaining its uses.

It seems to be catching on:

The NY Daily News interviewed protester Drew Hornbein, a member of the camp’s Internet Committee, who explained its uses to the paper:
“Let’s say you’re protesting and someone up ahead sees that the cops are getting ready to kettle people, they can send out this vibe that only lasts a few minutes that says, ‘Cops are kettling’,” said Hornbein.

“It’s anonymous too, so not only are you able to send out relevant information to a small radius, but it also disappears, there’s no record of it, so no one can come after the person who sent it.”
It’s a pretty neat use of technology I have to say, and I’m wondering if it’s going to be picked up by the community and groups such as Anonymous.

The downside is that it’s an iOS app, so if Apple gets put under pressure or feels the app is being used under nefarious circumstances – they can just pull the plug on it.

You can read more about the app on iTunes here:

Vibe By Zami.com

03/10/11

How to stop Facebook, Google+, and Twitter from tracking you

You realize how much your browsing is centrally tracked, right? Or do you? Here's how to keep those busybodies off your tail

I conducted a completely nonscientific, haphazard public poll at a bar one evening last week. I asked a variety of people if they thought that Facebook knew what sites they visit that aren't Facebook. The results were all over the map, with many folks laughing and saying, "Probably, right?"

I then asked them: "If it's true that Facebook is tracking your browsing habits, would that be a problem for you?" Most answered yes, reflected for a second, looked a little concerned, and asked me if it were true.


The answer is that yes, it's true -- but not for every site. Those of us who know how the Web works know that every time you visit a page with a Facebook, Google+, or Twitter link, the code behind that link actually comes from Facebook or Twitter servers, so if you're surfing to that page with the same browser that you're currently logged into Facebook or Twitter with, then they know you're on that site. They know how long you spent on that site, how often you visit, and so forth. It's all very simple to do. Yet most people are cheerfully oblivious to this fact.

The informed few take special precautions to eliminate or at least reduce their exposure. Several browser plug-ins can help control cookie dispensation -- and some browsers have a form of this capability built right in. The default for all of them, however, is to allow all cookies. Thus, millions of people blithely allow their Internet movements to be tracked by anyone with enough of a footprint, like Facebook, Google, and Twitter. And this information is not anonymous. It's tied to the account, which in many cases is tied directly to your identity. If someone at any of these companies wants to find out what you -- specifically you -- do online, it's a matter of a simple search. Ta-daa.

There's no getting around Google without the use of Tor or anonymizing proxies, which can be annoying and slow, but using plug-ins like TrackMeNot, which sends random search queries to Google from Firefox, means that your actual search queries are mixed in with dozens of others and determining what you actually searched for becomes more challenging. Coupling that with the use of Gmail via IMAP and never logging into a Google service further reduces the amount of data that can be gathered.

For normal people, this situation is extremely difficult to control. It's easy enough to remember to lock your door when you leave your house, but this requires careful inspection of relatively arcane cookies in your browser, not to mention the problems related to disabling certain cookies for certain sites and thus breaking the session. Rather than simply closing your own drapes, it's more like trying to close the drapes of all your neighbors, and making sure that no cars drive by. It's simply impractical.

The common solution to this is ornery, but functional: Use a different browser. I relegate Chrome to this task and use it exclusively for social networking and anything tied to common cookies, like Google. The kind and trustworthy folks at Facebook, Google, and Twitter must think that all I do is go to Google, Facebook, Twitter, and this page, because that's all that browser does. Is that a waste of local resources? Sure. Chrome is chewing on a vsize of 950MB right now and consuming some CPU cycles. Is the trade-off worth it? Most definitely.

When I mentioned this scenario to those concerned folks at the bar, they were all genuinely puzzled. Why would anyone do such a thing? It's like wearing two pairs of underwear, right? When I detailed how this method protects your privacy, some got it and vowed to do the same thing.

Others didn't get it at all and didn't care (and after a few beers, who cares about privacy, amirite?). They are either the vanguard of a much more open and relaxed society that doesn't get upset when highly personal information is readily available to faceless people behind faceless servers and could easily be made available to anyone, or they're going to be the ones getting fired when leaked data shows their late-night adult video browsing habits in excruciating detail. In fact, with the new Facebook Timeline, they may not need a leak at all, it'll just show up on their page. Hooray.

Personally, I'm not taking any chances. I'll be keeping my social network interactions firewalled in their own browser. Shouldn't you?
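To make the mechanism in this article concrete, here is an added example (not code from the InfoWorld article) that lists which third-party origins a page would make the browser fetch from, and therefore which of them receive the visitor's cookies; the sample HTML, page URL and the set of origins treated as trackers are constructed assumptions.

```python
"""Which origins learn about a page visit through embedded widgets.

Added example, not code from the article. SAMPLE_HTML, PAGE_URL and
TRACKER_DOMAINS are constructed assumptions. Every <script>, <iframe> or
<img> fetched from a tracker origin carries that origin's cookies, so a
browser logged in to Facebook, Google or Twitter identifies the visitor to
them on every page that embeds their buttons.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Registered domains of the companies the article names (assumption).
TRACKER_DOMAINS = {"facebook.com", "facebook.net", "twitter.com", "google.com"}

# Elements whose URL the browser fetches automatically while rendering.
FETCHED = {"script": "src", "iframe": "src", "img": "src"}

PAGE_URL = "https://www.example-news.com/story/123"

# Constructed page: social widgets, a first-party CDN and an unrelated CDN.
SAMPLE_HTML = """
<html><body>
<script src="/js/site.js"></script>
<script src="//platform.twitter.com/widgets.js"></script>
<script src="https://connect.facebook.net/en_US/all.js"></script>
<iframe src="https://www.facebook.com/plugins/like.php?href=story"></iframe>
<script src="https://apis.google.com/js/plusone.js"></script>
<img src="https://cdn.example-news.com/logo.png">
<script src="https://cdn.othercdn.net/jquery.min.js"></script>
</body></html>
"""


def registered_domain(host: str) -> str:
    """Last two labels of a host; multi-label suffixes (co.uk) not handled."""
    return ".".join(host.lower().split(".")[-2:])


class EmbedCollector(HTMLParser):
    """Collects the host of every auto-fetched resource on the page."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.hosts = {}  # host -> set of tag names that reference it

    def handle_starttag(self, tag, attrs):
        attr = FETCHED.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if not value:
            return
        # urljoin resolves relative and protocol-relative (//host/...) URLs.
        host = urlparse(urljoin(self.page_url, value)).hostname
        if host:
            self.hosts.setdefault(host.lower(), set()).add(tag)


def third_party_hosts(html: str, page_url: str) -> dict:
    """Hosts outside the page's own registered domain, with the tags using them."""
    collector = EmbedCollector(page_url)
    collector.feed(html)
    own = registered_domain(urlparse(page_url).hostname or "")
    return {h: sorted(t) for h, t in collector.hosts.items()
            if registered_domain(h) != own}


def tracking_hosts(html: str, page_url: str) -> list:
    """Third-party hosts that belong to a domain in TRACKER_DOMAINS."""
    return sorted(h for h in third_party_hosts(html, page_url)
                  if registered_domain(h) in TRACKER_DOMAINS)


if __name__ == "__main__":
    for host, tags in sorted(third_party_hosts(SAMPLE_HTML, PAGE_URL).items()):
        flag = "TRACKER" if registered_domain(host) in TRACKER_DOMAINS else "other"
        print(f"{flag:8} {host:26} via {', '.join(tags)}")
```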


27/09/11

USA Today's Twitter account falls foul of hackers

USA Today is the latest high profile Twitter account to have fallen victim to a group of hackers.

A group calling themselves the Script Kiddies have claimed responsibility for the hack, which involved posting a series of messages to the official USA Today Twitter account, including:
"Fox News, Wal-mart, Unilevel, Pfizer, NBC and now USA Today. who's next? Vote now! [LINK]"
and
"Please like The Script Kiddies on Facebook! You could choose our next target!"
Fortunately, USA Today was able to regain control of the account (with some assistance from Twitter) before any serious harm could be caused. The newspaper tweeted an apology to its followers:

USA Today apologised for the hack

The Script Kiddies group has previously claimed responsibility for hacking into the NBC News Twitter account to post fake news reports of a terrorist attack involving planes in New York, defacing Pfizer's Facebook page and breaking into the Fox News Politics Twitter account to post a bogus announcement about the death of Barack Obama.

It's unclear how the USA Today Twitter account was compromised, but there was speculation that the hack by the same group against NBC News's Twitter account was assisted by a spyware Trojan horse.

The Script Kiddies might believe that their hacks against media organisations are just childish pranks, but it's unlikely that the authorities find them amusing. The more social media accounts that they target, the more the computer crime police will be keen to bring them to justice.

As always, we recommend that social networking users ensure that they keep their security software up-to-date, choose hard-to-crack passwords and do not use the same password in more than one place.

nb : nakedsecurity.sophos

23/09/11

DroidSheep Android App Hijacks Sessions in One Click, Developer Meant Well

Following the success of the Firesheep application, a new Android application called DroidSheep allows users to hijack Web sessions of popular online services over insecure Wifi connections.

DroidSheep enables Android-based man in the middle attacks against a wide range of Web sites, including Facebook.com, Flickr.com, Twitter.com, Linkedin.com, and non-encrypted services like “maps” on Google. DroidSheep’s official website claims that the app will work on almost any website that uses cookies.

It’s a pretty simple process: once downloaded, a user only has to start running DroidSheep, click start, and wait for someone to connect to a given service on the same wifi network, at which point the user will be prompted on whether or not they want to jump in on that session.

All a user needs is a device that runs Android version 2.1 or higher, whether that device is a smartphone or some sort of tablet, with root access (and the app itself, obviously).

DroidSheep supports OPEN, WEP, WPA, and WPA2 secured networks, using a DNS-Spoofing attack on the last two.

As with the original FireSheep application, the developers of DroidSheep note that their application is “NOT INTENDED TO STEAL IDENTITIES,” but to show the weak security properties of big websites.

The release of a Firefox extension called “FireSheep” at the 2010 ToorCon conference caused an uproar, and prompted popular services like Facebook and Twitter among others to implement secure browsing features. It also helped fuel a larger discussion about the necessity of utilizing HTTPS encryption across the Web.




nb : threatpost

Gleeonsky - first UK Promoted Tweets exploited by spammers

Surprise surprise. Within minutes of Twitter announcing that UK brands can now target British Twitter users with promoted tweets and trends, spammers are also jumping on the bandwagon.

Twitter UK says that Sky is using its entire suite of promoted products to advertise that the TV show "Glee" returns to British TV screens tonight.

To increase awareness, Sky is using the twitter account @gleeonsky and paying for the hashtag #gleeonsky to be promoted to British Twitter users.

Of course, they're not the only ones taking advantage of the hashtag. Spammers are using it too.

Gleeonsky hashtag

I suspect that when Sky paid for the #gleeonsky hashtag to be promoted on Twitter, this isn't the kind of response they were hoping for. They wanted people to watch the TV show on Sky tonight, not to go hunting for hot photographs of Natalie Portman, Jessica Alba, Selena Gomez and others.

These aren't mischievous Twitter users, these are spam accounts set up specifically for the purposes of blurting out a message using a popular hashtag. In this case, #gleeonsky.

The spammers don't care that their accounts get reported and shut down by Twitter security, because they just create another one. And remember, they don't have to do this by hand - the whole process can be automated.

The danger is that unsuspecting users curious about a hot trend like the promoted #gleeonsky might click on one of the dodgy links above.

By the way, if they do click, Twitter users may find that they are taken to a website like this:
Unappealing website
Of course, the spammers can choose to redirect you to any webpage they like once you have clicked on the link. It could be a phishing site designed to steal your Twitter credentials, it could be a fake pharmacy, it could be a porn site or it could be a website harbouring malware.

Exploiting trending Twitter hashtags is nothing new. But as the company's business model relies more and more heavily upon convincing companies to pay big money to promote their brands in this way, there will be more pressure on Twitter to police abuse on their site and clean-up offending tweets.

nb : nakedsecurity.sophos

Massachusetts Attorney General to investigate iTunes fraud

Massachusetts Attorney General Martha Coakley announced Tuesday that her office will be investigating Apple Computers to determine if they are in compliance with her state's data breach notification laws.

Coakley spoke at a business luncheon at the Massachusetts' Advanced Cyber Security Center (ACSC), where she was reaching out to business leaders to assure them that compliance with the regulations would not be burdensome if they simply complied with the notification requirements.

Coakley herself was a victim of identity theft recently and her stolen credit card details were used to successfully make fraudulent iTunes purchases.

Has Apple's luck run out in denying there might be an issue with iTunes security?
Perhaps Coakley should contact Apple's friends at the San Francisco Police Department to help track down the thieves?

It will be interesting to see the results of the investigation, but I think Coakley is barking up the wrong tree.

While there are many creative criminals trying to leverage iTunes to launder their money and steal content, none have been the result of a data breach at Apple (to my knowledge).

Does Apple have some responsibility in all of this? Sure. They have not put in technical measures to better secure iTunes accounts or purchases made from iOS devices.

Many users choose poor passwords for iTunes and the App Store because they must enter this password from their mobile device. Entering a complex 20 character passphrase with punctuation isn't something most of us choose to do from our phones.

The other common problem is password re-use. Many friends of mine have had their iTunes accounts compromised after other major data loss events at other organizations.

Attackers will frequently use purloined emails and passwords to attempt authentication at Facebook, Twitter, Gmail and iTunes. If you aren't using unique passwords for sensitive accounts you may have your account used for a scam as well.

While it might be a pain to have a secure password for your iTunes purchases, it's your credit card and reputation that's at risk. Choose a passphrase wisely.
If the Attorney General's office finds Apple in breach of the Massachusetts law it could have far reaching implications for businesses with customers in the state. Follow Naked Security for further developments to this story.

nb : nakedsecurity.sophos

22/09/11

Should you trust this 'BBC' news report? Work from home scam spammed out

Who do you trust online?

Your friends? Lady Gaga? The media? How about the BBC?

If you read a news story on the BBC website, would you trust what it was saying?

A Naked Security reader forwarded us this interesting email which (fortunately) had been quarantined by his anti-spam defences. What's particularly interesting is the webpage to which it links.

Work at home spam email

If you were tempted to click on the link, you are taken to a website which looks like this.

Fake BBC website

A pretty convincing replica of the BBC website. But, of course, it's not the real BBC News website at www.bbc.co.uk/news, but instead a page that is copying the popular site's graphics and style.

The URL in the address bar might be a giveaway, if you were watching carefully enough.

Closeup of fake BBC website

And see how it refers to a housewife in Abingdon - that's because I was in Abingdon, just outside Oxford, UK, when I visited the webpage. The site has tailored its content to appear more compelling to me by determining where in the world I am.

If I had visited from Bhutan, Botswana or Bognor I would have been told the single mother lived in those places instead.

The purpose of the spam campaign, and the bogus BBC website, is to try to convince you to sign up for a working from home scheme.

Work at home website
As they're using subterfuge to promote their scheme - my advice would be to keep your distance.

nb : nakedsecurity.sophos

19/09/11

Bank of Melbourne Twitter account hacked, spreading phishing links

Summary: The Twitter account of Bank of Melbourne was compromised last Wednesday, and was used to spread phishing links as direct messages to the account followers.



The Twitter account of Bank of Melbourne was compromised last Wednesday, and was used to spread phishing links as direct messages to the account followers, according to reports coming in from affected users.
In a tweet, the bank said that:
ATTN: Unauthorised DMs sent bw 4-5pm today, do not click link. No customer/personal data compromised. Apologies for the inconvenience. ^TT
Followed by another one, once the incident was resolved:
Thanks for all your support. We take security very seriously & will be strengthening our policies to further protect our social channels ^TT
It’s worth discussing how Bank of Melbourne got its social channel hacked in the first place. Moreover, what contributed to the ease of obtaining the login credentials for their Twitter account?

For starters, it would have been highly impractical to brute force the password for their Twitter account, regardless of the fact that the CAPTCHA-solving process could be outsourced to vendors offering CAPTCHA-solving services to assist in brute forcing attacks.

Judging by the fact that the malicious attackers didn’t just spread a prank or hacktivist message using the stolen credentials, it is highly likely that the attacker has a relatively advanced understanding of how the cybercrime ecosystem works.
By spamvertising the phishing link using direct messages as an evasive element of the campaign, the attacker is attempting to take advantage of the trust factor established by the nature of direct messages.

Was Bank of Melbourne the victim of a phishing attack, or is there any chance that a malware-infected host within their network was successfully data-mined for stolen Twitter credentials?

What do you think?

nb : zdnet

BBC Sport in Rugby World Cup Twitter spam slip-up

A compromised Twitter account has resulted in the embarrassing broadcast of a spam message via the BBC's website.

More and more TV stations are encouraging both their staff and their viewers to jump onboard the social media bandwagon, and use the likes of Twitter to interact and keep up-to-date with the latest developments. But if you don't take care, you may end up with some egg on your face.

Take, for example, BBC Sport's extensive online coverage of the Rugby World Cup, where alongside the match reports and videos you can also follow the latest tweets from the BBC's Rugby correspondents.



It sounds like a terrific idea - a great way for sports fans to keep up with the latest developments from the BBC's team of experts. But take a closer look and you'll find that Jim Mason, BBC Scotland's rugby correspondent, appears to have had his Twitter account compromised. Overnight it sent out a spam message encouraging people to investigate an Acai Berry diet.
Serious about shedding a few pounds? read this its interesting! [LINK]


Jim only has a few hundred followers of his Twitter account, so this spam won't have had a huge impact there. But because it has been syndicated to a much wider audience via the BBC's sports website it has the potential to reach many more people and - of course - increase embarrassment for the corporation.

Some 14 hours after the tweet first appeared, it still hasn't been deleted - and is still appearing on the BBC's website.

If you were to click on the link (I wouldn't recommend it) you will be taken to a website that poses as a fake news page, promoting the miracle Acai Berry diet.

Acai Berry diet spam website
My guess would be that Jim's Twitter password has been phished. He should change it immediately, and ensure that he is not using the same password on any other website.

And if you're a media organisation - consider how you're going to handle an unauthorised Twitter message appearing on your website. This time it was just spam, but it could have been something much more malicious.

nb : nakedsecurity.sophos

18/09/11

Fake FBI Anonymous psychological profile: a lesson to all internet users

The faceless power of Anonymous rages on.
Like headless horsemen, they gallop across the internet, intent on causing massive headaches and embarrassment for some, while keeping their fans and the media informed via social media.

Sounds almost too good for a Hollywood movie plot. You couldn't make it up.

But it turns out that someone did make up the recently disclosed FBI document 'Psychological Profile of the Anonymous Key Personalities' [PDF].

And the story was covered by several reputable media outlets, though admittedly some voiced skepticism.

On September 8, Anonymous used Twitter and Tumblr to distribute the fake document.



The question is why did anyone ever think it was real?
  • Why would Anonymous leak a document that would put their esteemed leaders at risk?
  • Why would the FBI actually use Wikipedia as their sole information source for Anonymous's background?
  • The codename for the field informant is Marotte (which means prop stick, dummy head or fad)
  • Looking at the copious typos and grammar glitches in the document, would the FBI have a profiler without a basic grasp of written communication?
Fake FBI profile of Anonymous
So all this made us at Naked Security a bit suspicious at the time. So it is no surprise that this so-called FBI document turns out to be a fake.

The thing is though, it does make for interesting lunchtime reading. I absolutely love some of the profiles in this faux document.

It defines "Kayla" as a violent, amoral bisexual with an inferiority complex, and "Topiary" as a youthful, obsessive idealist, possibly afflicted with Aspergers.

Forgive the quasi-psychology here - couldn't a fake document, if indeed it is written by the Anonymous leaders, be used to help the FBI and other authorities better understand the collective? What seems like nonsense to its authors could accidentally reveal some interesting insights for those that analyse and pigeon-hole personalities.

That said, some of you might remember that great article by Malcolm Gladwell where he concludes that criminal profiling isn't all that helpful to the capture of wanted criminals.

So what is the upshot? Whoever is involved in writing this didn't waste the FBI's time with this forgery, because they must have been aware from the get-go that this did not originate from their internal team.

Those responsible for the document did however manage to get the internet, media and bloggers yakking about it. Yes, even me. Anonymous have notoriety because many people have written about it. And if Anonymous did indeed pull this together, they have just lied to their online followers. tsk tsk.

Please, can we all make sure we take this collective's word with a grain of salt next time?

nb : nakedsecurity.sophos

16/09/11

How to deal with an internet troll

British comedian Dom Joly has contacted the police, after an internet troll made abusive comments about his children via Twitter.

The star of "Trigger Happy TV" was upset that a Twitter user called @deathtojolykids sent a string of offensive messages, including ones hoping that the comic's children got cancer.

Joly managed to get the Twitter account suspended, and filed a complaint with his local police force asking them to investigate.

Earlier this week, in a separate incident, a man was jailed by a British court for 18 weeks for leaving hurtful messages on Facebook and YouTube memorial sites.

25-year-old Sean Duffy was imprisoned after pleading guilty to two counts of "sending a communication of an indecent or offensive nature." His victims had included the family and friends of teenager Natasha MacBryde, who had killed herself after being bullied.

Duffy had posted the upsetting comments, despite never even having met Miss MacBryde.

The internet is full of trolls

The internet can turn people who might appear perfectly pleasant if you met them face-to-face into ugly trolls online.

The fact is that it's a lot easier to be downright rude and offensive via a computer than if you're standing opposite someone. Sitting in front of a keyboard and monitor can make us forget that there's a real human being with feelings, reading the message at the other end.

Trolls take this to an extreme, revelling in the chaos they can stir up on an internet message board - the more people they offend, the better in their book as they purposely cause trouble.

Don't feed the trolls

The first piece of advice is one that should be familiar to us from fairy stories: "DON'T FEED THE TROLL".
If an internet troll is demanding attention, don't give them any.

Responding to them can just feed the flames, and encourage them to post more offensive remarks. Eventually they should grow bored and disappear.

As tempting as it is to fight fire with fire, you'll only be pouring fuel on the flames if you respond in kind.

Blocking and reporting trolls

When a troll stops being merely annoying, and is plainly harassing you then things get more serious. You should report the behaviour to the internet site you're using (such as Facebook), and block them - if possible - from contacting you again.
If you feel that the social network isn't being responsive, maybe you can get the media to apply some pressure?

You may have to be inventive to get the problem sorted. In my own experience, when my family was threatened by Facebook users, I found Facebook unresponsive and unwilling to remove highly offensive Photoshopped images until I complained that they might be a breach of copyright!

Physical threats against you and your family should be reported to the police, who should take a threat delivered via the net as seriously as one sent via the post or delivered via telephone.

If you're setting up an online tribute site, it can make sense to not make it open to the general public but request that people ask permission to join it. That way, you can delete any upsetting messages and banish any trolls who are merely there to cause offence.

No magic wand

It's a sad reality that trolls will always exist - we can't wave a wand and make them disappear entirely from the internet. But we can reduce the opportunities for them to cause trouble, and we can perhaps make them realise that what they're doing is destructive.

How trolls could make the internet a less safe place

What trolls might do well to realise is this - their antisocial activities, normally hidden behind a cloak of fake names and pseudonyms, play into the hands of those who would like to do away with anonymity on the internet.

Do you really want to live in an internet world where anonymity has been banned, preventing freedom of speech and stomping on those who have a genuine need to keep their identity secret?

Don't feed the trolls, but most importantly - don't be a troll. You could make life worse for everyone.

nb : nakedsecurity.sophos

13/09/11

Script Kiddies Lay Claim To NBC News Twitter Account Hack

There was a bit of a buzz on the 10th anniversary of 9/11 when the NBC News Twitter account was hacked and started posting updates regarding a repeated terrorist attack against ground zero.

It only lasted a few minutes but as the account has 120,000 followers – it caused quite a stir. It’s not known how the hackers who call themselves ‘Script Kiddies’ got access to the account, but my guess would be social engineering.

Hackers calling themselves the Script Kiddies took control of the NBC News Twitter account on Friday afternoon and used it to send out a series of hoax Twitter messages claiming there was a repeat terrorist attack on New York’s Ground Zero.

The Script Kiddies had control of the account, which has more than 120,000 followers, for about 10 minutes before it was suspended.

During that time they sent three messages stating that hijackers had crashed two airplanes on the site of the Sept. 11, 2001, terrorist attacks. “This is not a joke, Ground Zero has just been attacked. We’re attempting to get reporters on the scene. #groundzeroattacked.” said one of the messages.

Then, a minute later, perhaps sensing that the jig was up, they wrote. “NBCNEWS hacked by The Script Kiddies. Follow them at @s_kiddies!”
That s_kiddies Twitter account was immediately suspended, but according to a cached version of the page, the group describes themselves as “Anonymous Supporters :: Hackers :: Exploiting simplistic methods with hilarious results :: Occasionally doing it for teh lulz :: We are The Script Kiddies.”
The hack was brought to an abrupt end fairly shortly and the perpetrators' own Twitter account, @s_kiddies, was also suspended.

No major damage was done, but it does interest me as to how this was achieved – it has happened numerous times to celebrities on Twitter. I would have thought a fairly serious news organization would have better controls and processes in place though.

This hack doesn’t have anything to do with the Anonymous group though, it seems to be for the lulz more than anything else.
This type of account compromise is a regular occurrence on Twitter, although it is typically celebrities, and not trusted news organizations, that fall victim. Often the accounts are taken over following a phishing attack. Script Kiddies did not respond to an email asking them how they managed to take over the NBC News account.

Script kiddies is a hacking term, referring to technically unsophisticated hackers who rely on automated scripts rather than hacking wiles to conduct their online attacks.

Friday wasn’t exactly a gold star day for accuracy on Twitter. Earlier in the day, an account associated with CBS News show “What’s Trending” erroneously posted a Twitter message citing rumors that Apple founder Steve Jobs had died. That message was quickly deleted and “What’s Trending” apologized.
I guess this may well be the new Web2.0 version of defacement for a new generation of Script Kiddies – breaking into high profile Twitter/Facebook accounts and spamming them with humorous or offensive updates.

I don’t think there will be any more to this story than what has already been published, I’m sure we’ll see many more similar cases in the future though.

nb : darknet

11/09/11

Twitter hackers spread Ground Zero attack scare before account suspension

Ground Zero

Hackers posted fake tweets of attack at Ground Zero, above, after hacking into the twitter account of NBC News. Photograph: Mark Lennihan/AP

Twitter acted swiftly to suspend the account of a so-called 'hacktivist' group which was suspected of gaining control of the official NBC News twitter account and posting messages claiming that another attack was underway at New York's Ground Zero. Coming two days before the tenth anniversary of the 9/11 attacks, the prank by a group calling themselves the 'script kiddies' was greeted with widespread opprobrium from other twitter users.

"Breaking News! Ground Zero has just been attacked. Flight 5736 has crashed into the site, suspected hijacking. More as the story develops," the hackers wrote in one of the fake tweets sent out from the NBC account. They added: "Flight 4782 is not responding, suspected hijacking. One plane just hit Ground Zero site at 5:47. #groundzeroattacked." "This is not a joke, Ground Zero has just been attacked. We're attempting to get reporters on the scene #groundzeroattacked."

The group claimed responsibility by tweeting on the hacked account: "NBCNEWS hacked by The Script Kiddies. Follow them at @s_kiddies!"

NBC News sent the Guardian the following statement: "The NBC News twitter account was hacked late this afternoon and as a result, false reports of a plane attack on ground zero were sent to @NBCNews followers. We are working with Twitter to correct the situation and sincerely apologize for the scare that could have been caused by such a reckless and irresponsible act."

Luke Russert, who covers politics for NBC News, also tweeted: "Please ignore NOT TRUE tweets coming from @NBC News. We got hacked by tasteless despicable attention seeking criminals."

Some experts suspect that script kiddies, who are thought to have hacked a Fox News account two weeks ago, are British although this had not been confirmed. They are thought to hack accounts by getting the password through infected direct messages, other fake links or malware.

The hack came as the US was on alert following what is being described as "credible but unconfirmed" information that a terrorist attack is being planned in New York or in Washington. Extra bomb sweeps, dog patrols, surveillance of tunnels and bridges and vehicle checkpoints have been ordered after warnings of a plot to launch a vehicle bomb attack, believed to be in the form of a single piece of intelligence, were first received on Wednesday night. The US vice-president, Joe Biden, said on Friday that there was no confirmation that anyone had travelled into the US for such a plot although the tip came from a credible source. "There's no certitude," he said.

nb : guardian

07/09/11

Anonymous and LulzSec case: four accused males appear in court

LulzSec
 
They were arrested earlier this year by police investigating online attacks by Anonymous and LulzSec, above
Four British males have been banned from using online nicknames after they appeared in court charged with attacks connected to Anonymous and LulzSec.

The four men – Peter David Gibson, 22, Ashley Rhodes, 26, Christopher Weatherhead, 20, and a 17-year-old student – were released on bail after the hearing at Westminster magistrates court on Wednesday morning.

The group's bail conditions mean they are prohibited from using specific online nicknames on sites including Facebook and Twitter.

Gibson, from Hartlepool, is banned from using the name "Peter" on the internet. Weatherhead, from Northampton, is prohibited from using "Nerdo"; Rhodes, from Kennington, south London, cannot use "NikonElite", and the 17-year-old, from Chester, is also banned from using his online nickname.

The four men are also banned from using so-called "internet relay chats", the online forums where Anonymous members are alleged to have coordinated many of the attacks.

The four men are separately charged with conspiracy to carry out an unauthorised act in relation to a computer. They were arrested earlier this year by police investigating online attacks by the notorious hacking groups Anonymous and LulzSec.

Rhodes, the oldest of the group who was arrested in September, appeared in court dressed in a grey waistcoat over a black shirt, with short dark hair.

Weatherhead, who was also arrested in September, wore a blue shirt under a short black jacket. Gibson has been on police bail since his arrest in April. He wore a smart grey suit, with a white open-necked shirt.

They will appear at Southwark crown court on 18 November for a plea and case management hearing.

nb : guardian

Iranian net users hacked after security breach in Holland

Hackers used stolen security certificates to monitor Google visits, social media use and other online activity in Iran


Hackers have targeted Iranian web users using security certificates stolen from a Dutch IT firm. Photograph: Getty Images

About 300,000 Internet users in Iran were spied on last month by one or several hackers who stole security certificates from a Dutch IT firm, according to a report presented by the Dutch government.

Using certificates stolen from DigiNotar, the hacker – or hackers – monitored people as they visited Google, stole their passwords and obtained access to other services such as Facebook and Twitter, said another IT firm, Fox-IT, which wrote the report.

Stolen certificates enable hackers to monitor web surfers without their knowledge, because a forged certificate makes an intercepted connection appear securely connected.

The report, which interior minister Henk Donner sent to the Dutch parliament, confirmed a statement last week from Google when it said that it had received reports of attacks on Google users and that "the people affected were primarily located in Iran".

"The list of domains and the fact that 99% of the users are in Iran suggest that the objective of the hackers is to intercept private communications in Iran," Fox-IT said.

Social media such as Twitter and YouTube were used during protests in Iran after presidential elections in 2009, and Iranian authorities have been trying to fight opposition on the internet, said Afshin Ellian, who fled Iran in the 1980s and is now a professor at Leiden University's law faculty.

"Tehran wants to be aware of oppositional activities inside and outside Iran. Using that information they can forcefully act against the opposition," Ellian said in his blog on Dutch magazine Elsevier's website.

In April, there were signs Iran was helping Syria crush anti-government protests with advice on monitoring and blocking internet use, a US official said at the time.

Donner told reporters he had not been able to confirm that the certificates were hacked by Iranian state authorities.

"The only thing we have been able to establish is that the people who complained were in Iran," Donner said.
The Dutch government said on Sunday that state websites may no longer be safe following the DigiNotar attack and the cabinet was investigating whether they were hacked by Iran.

The hackers also fabricated certificates for websites belonging to Israel's intelligence service, Mossad, the CIA and Britain's secret intelligence service, MI6, as well as other sites such as AOL and Microsoft, Fox-IT said.

The hackers left their fingerprint with the Persian words "Janam Fadaye Rahbar", meaning "I will sacrifice my soul for my leader". An identical message was left when IT company Comodo was attacked in March.
DigiNotar's network and procedures had not been "sufficiently secure" to prevent the attack, Fox-IT said.
"The software installed on the public web servers was outdated and not patched. No antivirus protection was present on the investigated servers," Fox-IT said.

The Dutch government was investigating a hacking case against DigiNotar, and the company was held responsible for possible negligence, Donner said in a letter to parliament.

"We are looking at the criminal and civil responsibility. The company and its US mother company are co-operating," Donner said.

DigiNotar is owned by US-listed IT firm VASCO Data Security International, which said in a statement earlier on Monday it did not expect the incident to have a significant impact on its future revenue or business plans.

nb : guardian

Anonymous Goes To Hollywood, Targets Jenny Garth, Miley Cyrus, Kreayshawn, Others

 A new faction of hacktivist collective Anonymous appears to be setting its crosshairs not on NATO or government contractors but on a much fatter (or is it fatuous?) target: celebrities.

The splinter group dubbed "Hollywood Leaks" has begun to make waves in the entertainment industry over the last week, leaking celebrities' phone numbers, unreleased movie scripts and nude photos. According to a report on CSO's Australian site, the offshoot group has been distributing its leaks via the Twitter account HWLeaks. Anonymous' motto, "We do not forgive, we do not forget, expect us," rounds out the profile.

When pressed in an interview for an explanation of the group’s intents by the media/gossip blog Gawker, one member of Hollywood Leaks claimed “We're simply here to facilitate the free flow of information from a place which was previously over looked, Hollywood."


Among the first targets was an actor in Tom Cruise's upcoming musical Rock of Ages, who had his e-mail cracked, which led to the script eventually being posted to bittorrent site Pirate's Bay in late August, well in advance of its 2012 release.

Early last week, rapper Kreayshawn found her nude pictures spread across the Internet after they were tweeted from her hijacked Twitter account. Actress Jenny Garth and musicians Miley Cyrus and DJ Drama have seen their phone numbers leaked over the past few weeks while actor Gerard Butler and rappers Lloyd Banks and Waka Flocka Flame were also targeted and had their e-mail addresses released to the public.

The celebrities’ sensitive information was posted to Pastebin, a file sharing site that has seen increased usage by hackers to show off their exploits as of late. The same site was used to distribute critical information belonging to IRC Federal and the Federal Bureau of Investigation following breaches earlier this year.

nb : threatpost