Hacking Social Media

The first comment I get when speaking about social media security is almost always, “so what, it’s social media.” Followed quickly by, “I’m not important anyway.” Mix that with comments like, “I’ve got nothing to hide.” and you have a society that can be happily insecure.

In december a hacked social media account gave a 30-something a rude awaking as he was let go from his job for derogatory posts made over three days which his employer found highly offensive. Even when he tried to tell them these posts were the result of being hacked, the damage had been done. Merry christmas from hacking trolls. He was ‘unimportant’ right?

What are the reasons for these attacks on social media?

Fun and Games

For many hackers out there they deface websites and social media for fun and recognition. It works a bit like graffiti really. “Check out what I did!” or “LOLZ the KKK now follows the United Negro College Fund and Black Lives Matter!” It’s all fun and games until…

Forced Shares

In this use of a hacked social media account the hackers share information that is either offensive or is fictitious though appearing to be legitimate. The malicious intent may have many drivers, but the consequences can be devastating.

One of the social media admins at Associated Press got their account hacked which led to a sell off on Wall Street do to mis information. The credibility of the Associated Press was highly damaged that day. While it’s impossible to calculate the total costs this one fake tweet cost the market $136 Billion dollars. While money can be remade, reputations are much harder to repair.

Another example involved a teenager who was outed as gay. The fall out on social media from friends and family of this 15 year old who lived in a very religiously conservative mormon community resulted in his suicide.

Setting Up for Greater Attacks

The most common of the forced shares which can have widespread consequences is the phishing link. Here your friends on social media will be directed to a page that can really harm them. As it comes from you, a trusted friend and seems ligit, this attack can have disastrous affect on your friends and family.

Phishing is the attempt to acquire sensitive information such as usernames, passwords, credit card details and other sensitive information which allows for a wide variety of attacks against the target. Often phishing sites also try to install malware. With the zero day malware (new viruses and malware with no detection algorithm) these phishing sites pose a great threat to personal and corporate security.

Many times there are greater reasons then fun and games or embarrassing a person or company. Social media has brought Social Engineering to the forefront of security risks. Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. Social media makes gathering the information about you easier too.

This can affect everyone

Identity Theft, Social Engineering, opening doors to phishing, malware, ransomware, and worse await you on the internet. Social media hacking contributes to these issues and more.

Everyone should be using strong passwords for social media. They should be using authentication helpers provided by many of the social media companies. Facebook for example has a wonderful feature that insists you verify new browsers or app installs. It is not good practice alone, but necessity to utilize these features. Especially if you use your social media account to admin a corporate page.

You may think that you’re not ‘important’ or ‘have nothing to hide’ but you are most definitely wrong. Privacy is important. There are real world consequences that you can face if you don’t better secure your social media accounts now. Start with better passwords, add some encryption, look into the security features offered by sites like facebook and twitter and above all, don’t be gullible!