Cyber crooks riding social-networking wave - report
A hacking incident report released Monday warns there has been a steep rise in attacks at social-networking hotspots including wildly popular microblogging service Twitter.
Hackers aren't just hunting for victims in the flocks of people at social networks; they're also using Twitter to command "botnet" armies of infected computers, according to internet security specialists.
"Any website with a huge user following is now attracting the bad guys," said Ryan Barnett, director of application security research for Breach Security.
"A lot of Web 2.0 widgets, mash-ups and the like that users go for make it easy for all these guys to launch attacks."
Facebook became an internet star after opening its platform to widgets, mini-applications made by outside developers, and now boasts more than 250 million members.
Mr Barnett was among the authors of a Web Hacking Incidents Database Bi-Annual Report that concluded social-networking was the most popular "vertical market" for hackers in the first six months of this year.
The prime targets for attacks in 2008 were government and law enforcement websites, according to the WHID.
Researchers analysed computer security incidents worldwide, finding the number of web attacks jumped 30 per cent from the same period last year.
Hackers targeted social networks in 19 per cent of the attacks, according to the report.
"If you look back at 2007 and 2008 reports, criminals who are profit-driven with an end goal of identity theft were targeting e-commerce websites," Mr Barnett said.
"What we started to see last year is that they are continuing to do that but that they have really branched out."
Twitter's appeal to hackers includes an ability to play the odds by routing short, tainted messages to thousands of computer users simultaneously. Unseen malicious code infects machines that haven't been properly updated.
Computer viruses can be hidden in files offered for sharing at Twitter, and in third-party programs that promise to enhance microblogging service capabilities.
"It is abusing some of the Web 2.0 technology," Mr Barnett said.
Arbor Networks security research manager Jose Nazario last week reported uncovering a Twitter account being used as a "command and control" channel to send orders to a "botnet" army of zombie computers.
"I found a botnet that uses Twitter as its command and control structure," Mr Nazario wrote in a blog post at Arbor's website.