Threat Wire 0023 – Better Security Coming to Twitter?
This week on Threat Wire, Darren and Shannon discuss the indictment of the Pirate Bay’s founder, the Associated Press Twitter account getting hacked, Twitter’s introduction of two-step authentication, and much more!
*Twitter Two-Factor http://www.wired.com/threatlevel/2013/04/twitter-authentication/
There has been talk for some months about Twitter introducing two-step authentication into their service, from several hacked Twitter accounts in early 2013 to a job posting mentioning two-step authentication in February. Wired wrote on Tuesday that “Twitter has a working two-step security solution undergoing internal testing before incrementally rolling it out to users, something it hopes to begin doing shortly.” http://money.cnn.com/2013/04/23/technology/security/ap-twitter-hacked/
“This would mean that users would need to enter both something they know (their password) and something they have (a randomly generated PIN code that is sent to their smartphone or tablet). Two-factor authentication is a sure-fire way to add security to accounts, and is necessary for Twitter’s high profile status.
This information came on the heels of another Twitter hack, this time on the Associated Press’s account. Likely compromised during a phishing attack where a hacker could, for example, send an email from a fake Twitter service and ask the AP to log in with their credentials, the AP tweeted about an explosion and an injured President Obama. Obviously this information was false, but it also created a ripple effect, briefly sending the Dow Jones Industrial Average down a few points. The Syrian Electronic Army claimed responsibility, but at time of recording this is yet to be confirmed.” http://thehackernews.com/2013/04/hacked-twitter-account-of-associated.html?m=1
Several high-profile accounts have been compromised this year, many of them as a result of phishing attacks, weak passwords, viruses or malware, or the user being on an open, unsecured network. Two-factor doesn’t FIX the problem, but it is one solution that can HELP. http://hosted.ap.org/dynamic/stories/A/AP_TWITTER_HACKED?SITE=TXWIC&SECTION=HOME&TEMPLATE=DEFAULT
*Japanese police ask ISPs to start blocking Tor
According to prosecutor Henrik Olin, “A large amount of data from companies and agencies was taken during the hack, including a large amount of personal data, such as personal identity numbers of people with protected identities.” But is Svartholm just a scapegoat? According to the indictment, a computer and chat transcripts of Svartholm and the other suspects were seized. http://arstechnica.com/tech-policy/2013/04/japanese-police-ask-isps-to-start-blocking-tor/
The recommendation comes soon after an embarrassing case for the NPA in which a hacker going by the handle “Demon Killer” posted several bomb threats against schools and kindergartens on public message boards. After many arrests, a 3 million yen bounty and a strange story of a cat found wearing evidence on a USB drive attached to its collar – a bizarre story I’ll leave in the show notes – seized computers were found to have routinely used Tor for anonymization. http://www.zdnet.com/japanese-isps-to-block-tor-users-guilty-until-proven-innocent-7000014321/
*Pirate Bay Founder Indicted on Hacking Charges http://www.wired.com/threatlevel/2013/04/pirate-bay-co-founder-indicted/
The Pirate Bay cofounder Gottfrid Svartholm was indicted on hacking charges related to breaches of Nordea Bank, several Swedish companies, and the government’s federal tax agency, none of which actually has anything to do with the Pirate Bay. The Pirate Bay is a long-standing torrent-based file-sharing website that is notorious for being rebellious. Thousands of copyrighted works can be found throughout their site, and the four men involved were convicted of running the service. http://www.thelocal.se/47376/20130416/#.UXgeJkBDvnh
The hacks are believed to have started in 2010 and continued until April of 2012, and the trial will be held in May.