Twitter Hacked - 12-21-2009
As some of you may be aware, Twitter was hacked over the weekend. Investigation of the actual compromise points to a likely traffic-based compromise, not an integrity or access-control compromise. However, those of you who have clients which maintain connectivity with this service should change password information immediately. Bear in mind that although this service is not generally used for business purposes, many of our employees are users, and the effects of an account compromise can impact our business.
Although Twitter is claiming the compromise was "focused on defacement", not account compromise, this is based solely on their investigation of the immediate evidence. In fact, this is the third time this year that Twitter has been the victim of a security breach stemming from a simple technique to bypass defenses. In this case, a hacker guessed the password for an employee's personal e-mail account and worked from there to steal confidential company documents. As the holidays approach, Vault Ecommerce has also noticed a substantial increase in brute-force activity against both general-use and administrative protocols.
Similar attacks in the past have often been investigated based solely on the impacts that were noticed, avoiding the cost of exploring the "what if" possibilities.
For those of you allowing chat and other social networking programs from your offices, we recommend considering how incidents such as these can be addressed through awareness or other strategies for your environment. Security awareness training often does not address how permitted social networks should be used within company guidelines; for instance, it should specifically prohibit the online use or storage of company information, or of passwords shared with company assets. While most companies continue to try to block and deny use of many of these services, everyone may at some point be forced to address improper use head on as well, given the sometimes difficult and costly measures required to block all social networking.
One thing to also consider is that these social sites often keep us "logged in" in some way even while we are away from the computer or phone we use them on. What are the chances that an employee will rush into the office in the middle of the night when one of these programs is compromised? Will they even know? What is the impact on IT of having to be concerned with such issues?
Regardless of the position taken in policy, social networking use should be monitored for data loss prevention (DLP) whenever cost-feasible. Less expensive technologies such as Snort have numerous signatures available for monitoring chat and even some web-based services. While commercial DLP products provide better visibility, as well as bells and whistles, cost continues to be a prohibitive factor in DLP adoption for some.
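To make the DLP monitoring point above concrete, here is an added example (not part of the original advisory, and not a Snort rule set) showing the kind of content-signature check that Snort-style rules express, run in Python over a handful of constructed proxy-style log lines of outbound requests to social networking sites. The watched host list, the log format, the internal domain "corp.example" and the signature patterns are all assumptions made for the example.

```python
import re
from urllib.parse import unquote_plus

# Destinations that policy says must be watched (constructed list for this example).
SOCIAL_HOSTS = {"twitter.com", "www.twitter.com", "facebook.com", "www.facebook.com"}

# Content signatures, in the spirit of Snort "content"/"pcre" matches.
# "corp.example" stands in for a hypothetical internal domain.
SIGNATURES = [
    ("confidential-marker", re.compile(r"\bCONFIDENTIAL\b|\bINTERNAL USE ONLY\b", re.I)),
    ("credential-pair", re.compile(r"\b(?:password|passwd|pwd)\s*[:=]\s*\S+", re.I)),
    ("internal-hostname", re.compile(r"\b[\w-]+\.corp\.example\b", re.I)),
]

# Constructed log lines: timestamp src_ip method host path [url-encoded body]
SAMPLE_LOG = """\
2009-12-21T09:15:02 10.0.0.12 GET twitter.com /home
2009-12-21T09:16:40 10.0.0.12 POST twitter.com /statuses/update.xml status=Q4+numbers+CONFIDENTIAL+do+not+share
2009-12-21T09:20:11 10.0.0.31 POST facebook.com /ajax/updatestatus.php status=new+vpn+password%3DWinter2009
2009-12-21T09:22:05 10.0.0.31 POST intranet.corp.example /upload doc=CONFIDENTIAL+budget
2009-12-21T09:25:48 10.0.0.12 POST twitter.com /direct_messages/new.xml text=ping+build01.corp.example+is+down
2009-12-21T09:30:00 10.0.0.44 POST twitter.com /statuses/update.xml status=password+reset+reminder+sent
"""


def parse_line(line):
    """Split one log line into its fields; the body is optional and stays URL-encoded."""
    parts = line.split(" ", 5)
    if len(parts) < 5:
        return None
    ts, src, method, host, path = parts[:5]
    body = parts[5] if len(parts) == 6 else ""
    return {"ts": ts, "src": src, "method": method, "host": host.lower(),
            "path": path, "body": body}


def match_signatures(text):
    """Return the names of every signature that fires on the decoded text."""
    return [name for name, rx in SIGNATURES if rx.search(text)]


def scan(log_text):
    """Return one alert per (request, signature) for outbound posts to watched hosts."""
    alerts = []
    for raw in log_text.splitlines():
        req = parse_line(raw)
        if req is None or req["host"] not in SOCIAL_HOSTS:
            continue  # only traffic to the watched social sites is in scope
        if req["method"] != "POST":
            continue  # reads are not data loss; only outbound content is inspected
        # Decode percent-encoding and '+' so patterns see the text the user typed.
        decoded = unquote_plus(req["path"] + " " + req["body"])
        for name in match_signatures(decoded):
            alerts.append({"ts": req["ts"], "src": req["src"], "host": req["host"],
                           "signature": name, "excerpt": decoded[:60]})
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a['ts']} {a['src']} -> {a['host']} [{a['signature']}] {a['excerpt']}")
```

Two design points carry over to a real Snort deployment: scope the rule to the watched destinations and to outbound content (the POST to the intranet host and the GET of the timeline produce no alert), and match on decoded content, since the credential in the third line only appears once the `%3D` is decoded. The last line shows why a plain keyword such as "password" is a poor signature on its own; the pattern requires a `:` or `=` so that a status message mentioning a password reset does not fire.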