Archive for Twitter

Trend Micro Study Reveals Criminal Abuses Of Twitter

Posted in Commentary with tags on July 30, 2019 by itnerd

Trend Micro Incorporated today announced a new study revealing how cybercriminals are abusing Twitter via tech support scams, command-and-control (C&C) operations and data exfiltration.

Trend Micro researchers analyzed a large volume of Twitter data to identify relationships between various entities to spot anomalies and uncover key insights.

Criminals were found using fake Twitter accounts to spoof those of legitimate vendors for credible tech support scams. Users call the fake phone number provided, believing they are speaking with the intended company’s help desk, which results in the caller either sharing credit card information or installing malicious content on their computer.

This is often part of a multi-platform strategy along with YouTube, Facebook, Telegram and other channels to improve SEO for fake tech support websites linked to the Twitter accounts, boosting their search rankings.

While criminals are using the social network for bad, threat researchers can leverage the power of social media for good. Most notably, Twitter is used for monitoring vulnerability disclosures to inform patch prioritization, and scanning for indicators of compromise, threat detection rules, and other contextual information to boost threat intelligence.

Trend Micro recommends users confirm the validity of a Twitter account by checking the company’s website directly, rather than through the account. It is also important for security teams to validate Twitter data when leveraging it for investigations or threat intelligence.

To read the full report, please visit:



Twitter Is Down…. Whatever Will The Planet Do? [UPDATE: Fixed]

Posted in Commentary with tags on July 11, 2019 by itnerd

It seems that Twitter is down globally as users who are trying to log on aren’t having much luck. What appears is a message saying “Something is technically wrong.” This is confirmed by Downdetector and Twitter’s status page. There’s no time to resolution as of yet. But when it’s resolved, I’ll post an update.

UPDATE: This issue is now resolved.



Twitter Flaw On iOS Allows Leaking Of Location Data To Third Parties

Posted in Commentary with tags on May 14, 2019 by itnerd

Twitter has announced some iOS users saw their location data leaked to one of their third-party partners under some very specific circumstances:

Specifically, if you used more than one account on Twitter for iOS and opted into using the precise location feature in one account, we may have accidentally collected location data when you were using any other account(s) on that same device for which you had not turned on the precise location feature.

Separately, we had intended to remove location data from the fields sent to a trusted partner during an advertising process known as real-time bidding. This removal of location did not happen as planned. However, we had implemented technical measures to “fuzz” the data shared so that it was no more precise than zip code or city (5km squared). This location data could not be used to determine an address or to map your precise movements. The partner did not receive data such as your Twitter handle or other unique account IDs that could have compromised your identity on Twitter. This means that for people using Twitter for iOS who we inadvertently collected location information from, we may also have shared that information with a trusted advertising partner.    

We have confirmed with our partner that the location data has not been retained and that it only existed in their systems for a short time, and was then deleted as part of their normal process. 

Twitter has since fixed the issue, and all is as it should be with the universe. But I think that for companies that seem to consistently make these types of mistakes, there should be consequences. As in something more than bad PR. That would force them to up their game and keep your data safe.


Twitter Fixes Bug That Exposed Android Users’ Private Tweets….. AFTER FIVE YEARS

Posted in Commentary with tags on January 18, 2019 by itnerd

Twitter really has to tighten things up as they’ve fixed a five-year-old bug that exposed the private tweets of Android users. Twitter has let affected users know and is really sorry for this. They also say that they can’t be sure that they have pinged everyone who has been affected. So Android users should review their privacy settings to ensure that their ‘Protect your Tweets’ setting reflects their preferences. But seriously, having a bug that flew under the radar for five years is kind of bad. It’s got to be embarrassing if you’re Twitter.

Happy Friday!

Twitter Claims To Have Fixed A Security Hole….. But It Actually Didn’t

Posted in Commentary with tags on December 31, 2018 by itnerd

The fine folks over at Gizmodo have an eye-opening story that goes like this. Security researchers from Insinia Security discovered a hole on the Twitter platform that could allow a miscreant to post unauthorized tweets. They disclosed this to Twitter, and the social media company claimed to have fixed the problem. But when the researchers sanity checked the fix, they discovered it wasn’t fixed:

During a private chat with Gizmodo, however, the hackers appeared to reproduce their experiment, forcing an account belonging to the head of a London-based financial technology company to retweet a tweet from the BBC. Insinia said it verified the flaw remained using “a number of accounts.”

Twitter claims it is investigating this, but this seems like one hell of a screw up. Or worse, Twitter might have been hoping that nobody checked their work. Too bad for them that someone was smart enough to.

Take-home message: if you say something is fixed, you should make sure that it is fixed or someone will call you on it.

Twitter Says Change Your Password After “bug” Exposes Passwords

Posted in Commentary with tags on May 3, 2018 by itnerd

Twitter is suggesting that all Twitter users update their passwords following a “bug” that exposed some passwords in plaintext on its internal network:

When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.

Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. You can change your Twitter password anytime by going to the password settings page.

That’s a bit of a #fail. The only saving grace is that these passwords were exposed internally. Thus the risk level SHOULD be low. But you should change your password just in case because these days you never know.


It Seems That Twitter Sold Data To Cambridge Analytica Linked Researcher

Posted in Commentary with tags on April 30, 2018 by itnerd

It seems that Twitter may be about to have its own Facebook moment now that Bloomberg has discovered that a researcher who is linked to Cambridge Analytica, which is the company that slurped up the data of 88 million (or more) people from Facebook, bought data from Twitter:

Twitter sold data access to the Cambridge University academic who also obtained millions of Facebook users’ information that was later passed to a political consulting firm without the users’ consent. Aleksandr Kogan, who created a personality quiz on Facebook to harvest information later used by Cambridge Analytica, established his own commercial enterprise, Global Science Research (GSR). That firm was granted access to large-scale public Twitter data, covering months of posts, for one day in 2015, according to Twitter. “In 2015, GSR did have one-time API access to a random sample of public tweets from a five-month period from December 2014 to April 2015,” Twitter said in a statement to Bloomberg. “Based on the recent reports, we conducted our own internal review and did not find any access to private data about people who use Twitter.” The company has removed Cambridge Analytica and affiliated entities as advertisers. Twitter said GSR paid for the access; it provided no further details.

I wonder if we’re now going to have a #DeleteTwitter hashtag popping up?

This pretty much starts to paint the picture that every social media company might have been touched by these guys. So while Facebook aren’t choirboys, they are far from being the only bad actors here. Don’t be surprised if you hear about more companies getting caught up in this as the companies in question either check to see if they’ve done business with Cambridge Analytica or anyone associated with them, or the media simply outs them.