Social Networking Hijack Exploits Online Messaging

Dennis Faas's picture

In most cases, when individuals find themselves the victims of an online phishing, virus or malware attack, the damage has already been done. Now, a London-based coder has designed a hijacking tool that compromises Twitter accounts for the sole purpose of raising awareness of the dangers associated with conducting social network-based communications over unsecured networks.

Jonty Wareing, of London, England, created the software tool (called "Idiocy") as a second chance for those who decide to take a risk when using Twitter, the popular social network. Idiocy is designed to scour the Internet looking for people who visit Twitter over public WiFi and hijack their sessions to post a tweet informing them that their system is now vulnerable to an attack.

An "Informational Takeover"

The tweet, which acts as a kind of informational takeover, also includes a link directing users to a website that explains what has happened following the system exploit.

Daniel Peck, a research scientist at Barracuda Networks, applauds the work of Wareing, claiming that the main concern for most social networks is rapid growth, even if that means putting security measures on the back burner.

As he explains, "A large amount of the communication between individuals today is through social networking sites, where rapid growth is first priority and security is an afterthought, but most don't implement any sort of encryption at all." (Source: itpro.co.uk)

Mozilla Inspires Friendly Hack

Wareing found inspiration for Idiocy in the recent Firefox browser extension "Firesheep", which was designed to exploit weak transaction security on social network applications such as Facebook and iGoogle. Firesheep allows users to scan for vulnerable active social networking sessions and gives them a simple-to-use interface to launch attacks. (Source: eweek.com)

While the majority of social network login pages are protected by SSL encryption, the site often abandons the secure connection. As Peck further explains, "The user is dropped back to an unsecure connection that exposes the cookie or session ID that uniquely identifies the user, allowing tools like Firesheep to impersonate the account."
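The exposure Peck describes can be checked from the site operator's side. The following is an added example, not code from the article or from any tool it names: it audits the headers of a login response for a session cookie that a browser would send over plain HTTP. The host name, cookie names and header values are constructed samples.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample headers for an HTTPS login response (not captured traffic).
LOGIN_URL = "https://social.example/login"
WEAK_HEADERS = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
    ("Location", "http://social.example/home"),
]
HARDENED_HEADERS = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly; Secure"),
    ("Set-Cookie", "lang=en; Path=/"),
    ("Location", "https://social.example/home"),
    ("Strict-Transport-Security", "max-age=31536000"),
]

def audit_login_response(url, headers, session_names=("session_id",)):
    """Return findings for session cookies that can leave over plain HTTP."""
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("login page itself is not served over HTTPS")
    has_hsts = any(k.lower() == "strict-transport-security" for k, _ in headers)
    for name, value in headers:
        key = name.lower()
        if key == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for cname, morsel in jar.items():
                # Without the Secure attribute the browser attaches the
                # cookie to http:// requests, readable on open WiFi.
                if cname in session_names and not morsel["secure"]:
                    findings.append(f"cookie {cname} lacks Secure attribute")
        elif key == "location" and urlsplit(value).scheme == "http":
            # The post-login redirect is where the user is dropped back.
            findings.append(f"redirect drops to plain HTTP: {value}")
    if not has_hsts:
        findings.append("no Strict-Transport-Security header")
    return findings

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, audit_login_response(LOGIN_URL, hdrs))
```
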

With the recent Koobface virus returning as a serious threat last week, an "Idiocy" hijacking might just be the thing to "smarten" people up about their risky online behavior.
