[ISN] Priyanka's twitter update could be security threat

From: InfoSec News (alertsinfosecnews.org)
Date: Tue Dec 01 2009 - 03:10:21 CST


http://www.mid-day.com/lifestyle/2009/nov/231109-Priyanka-Chopra-Twitter-account-Security.htm

[Ankit Fadia, India's uber hacking expert, appears to heavily promote
Viagra, or been hacked by evil spammers that found a way to subtly
deface the web page. - http://attrition.org/errata/sec-co/fadia01.html - WK]

By Kumar Saurav
Mid Day
2009-11-23
Mumbai

Not just Priyanka Chopra, but any celebrity or public figure's Twitter
updates can jeopardize national security, claims 24-year-old ethical
hacker Ankit Fadia

Mumbai-based cyber security consultant Ankit Fadia, who claims that his
website Hacking Truths was judged as the second best hacking site in the
world by the FBI, says social networking sites are the latest threat to
India's security. The potency and penetration of social networking in
the country has made it possible for anyone to track and connect with
film stars, politicians and other public figures who were once beyond
reach.

Karan Johar, Priyanka Chopra, Aishwarya Rai, Shashi Tharoor and Barack
Obama are just a few from a whole bunch of celebrities who update their
Twitter status regularly. But "are they doing it wisely?" is what Fadia
asks.

Why are you apprehensive about celeb tweeting?

If you follow celebs, you'll observe that they disclose information on
where they are shooting, what their shooting schedule looks like and the
hotel they are put up at. Unintentionally, they are inviting trouble,
because troublemakers are hungry for such information.

Any instances?

Singer Britney Spears' account on Twitter is hacked almost once every
two months. One of the hackers even claimed on her wall, that he's her
public relation officer and that Britney is dead, with details about the
date and venue of her funeral.

Indian politico Shashi Tharoor's account has been hacked several times
too. Even Big B and Aamir Khan's blogs were hacked. Once a blog, website,
social networking account is hacked, a hacker has full control over it.
He can spread rumours, communicate with fellow criminals, and indirectly
make you a partner in their crime.

How would you rate the technical stylishness of terrorists?

They are far ahead. When I was asked by the US intelligence to decode
some scripts after the 9/11 attacks, I was stunned to see the kind of
technology they used to communicate. The agencies had tracked some
emails where a few individuals were frequently exchanging photographs of
Canadian rockstar Avril Lavigne. Hidden text messages that aren't
visible to the naked eye, were being exchanged through these pictures.

What about Mumbai's 26/11 terror attacks?

For 26/11, they had used highly secured Voice Over Internet Protocol
(VOIP) like Skype to communicate with each other. The data on VOIPs'
servers is so huge that by the time you track them, the damage has been
done and criminals are out of reach. The 26/11 terrorists had used the
"proxy bouncing" technique, wherein they were sending messages through
a Saudi Arabia-based server, while they were actually sitting in
Pakistan.

Why is tracking such messages so difficult?

They know the loopholes, and how to use them effectively. Suppose three
terrorists A, B and C want to communicate with each other, what they do
is create a Twitter account and follow each other, thus forming a closed
group. So if A posts a message saying "Plant Bomb at Parliament at 11
am", just B and C will be able to see the message. And since Twitter is
based in the US, Indian authorities wouldn't have control over this
exchange of messages.

Tracking messages is another problem. I will track a suspicious mail
only if it's sent. If A wants to communicate with B, he will type an
email and save it as a draft instead of sending it. Now B, who has A's
password, will log in to A's account and read the mail in the "Draft"
folder. Since the mail hasn't been sent, it becomes almost impossible to
track it.

How do spammers and hackers operate in the social networking sphere?

There are viruses, worms, spyware and malware that spread through social
networking websites. One day, you receive a private message from one of
your friends (who is already infected) containing a link to a Youtube
video. Halfway through the video, it will prompt you to download some
video plugin. Since the message comes from your friend, you trust it,
but the moment you click it, you get infected. Get rich quick schemes,
earn money online scams and various money laundering attacks now come
through social networking sites.
