Britney Spears’ Twitter hoax says much about security on social networks

Earlier this month, Britney Spears revealed to her 3.7 million Twitter followers that she was part of a global conspiracy to dominate the world with a secret shadow government run by Freemasons.

At least it appeared that way, until Twitter posted a message stating her account had been hijacked. It wasn’t the first time the pop star’s account had been taken over by a fraudster.

But Spears isn’t the only social media user being targeted by hackers, according to security researchers from Symantec Corp. The year 2009 has seen a major increase in the number of attacks launched on social networks, and the quality of the attacks has also improved to claim more victims.

Social networking is an environment that invites exploitation because of users’ inherent trust, says Paul Wood, senior analyst with MessageLabs Ltd.

“When you’re walking down the street, you’re very aware of the risks around you. But when you’re online, you have no sense of the level of danger,” he says. “Especially if it’s a message from someone you know, it’s much more difficult to detect a hoax.”

Social networks such as Twitter and Facebook also prompt users to adopt sometimes-risky behaviours.

URL shortening services have become popular because they let users stuff links into the 140-character messages allowed by Twitter. The problem is that users often don’t know where a shortened link ultimately leads them, says Zulfikar Ramzan, a technical director of security technology and response at Symantec.

“It will take some time for people to build up their Internet street smarts,” he says.

Third-party applications used on social networks could also be avenues of attack for hackers, Wood says.

“The bad guys can actually plant some malicious code in the social network application and gain access to personal information,” he says. “The applications themselves may be created with some other purpose in mind for generating revenue other than the actual game being played.”

The malicious use of social networks will only escalate in 2010, the researchers agreed. It is likely to take a similar path to the spread of spam over instant messaging clients, such as MSN.

MSN accounts are also being hijacked to send out spam links, and in 2010 as many as one in 12 links sent via instant messages will lead to a malicious site, the researchers added.

But social networking security issues won’t be the only problems plaguing computer users next year. The more predictable problem of private data breaches will also intensify.

This year, the rate of data breaches continued to grow steadily. As of mid-October, there were 400 data breaches reported in the U.S. alone, exposing the information contained in millions of records.

Most of those data breaches can be attributed to insider carelessness, Ramzan says.

Also, look out for these other computer attacks for 2010:

Rogue Security Software

An attack most users are familiar with involves a pop-up that tells you your PC is infected and that you need to download (and sometimes pay for) security software that can fix it.

If you’re foolish enough to do so, you’ve actually just loaded your PC with even more malware. There are 250 distinct versions of rogue security software circulating on the Web, Symantec says. In the first half of 2009, there were 43 million attempts at installing this fraudulent software.

Some versions of this attack are taking free and legitimate anti-virus software and repackaging it with new graphics, Symantec’s Ramzan says.

“We’re not dealing with a black and white phenomenon, but with varying shades of grey,” he says.

Mac and Mobile Threats Emerge

Computer security problems have historically been the bane of Windows users, almost exclusively. But that might change in 2010 — as Mac computers and mobile devices become more popular, they’ll catch the attention of more hackers.

Mac users already got their first taste of this treatment in 2009. The OSX.Iservice Trojan targeted them, just as the Sexy Space botnet targeted Symbian mobile users.

Of course, Windows 7 will be a favourite target as well, Ramzan says.

“Attackers without a doubt are going to find new ways to attack the people who are going to use it,” he says.

You can listen to a podcast of all of Symantec’s predictions for 2010 here.

Follow Brian Jackson on Twitter
