Sophos Cloud Optix
As many people have found, Twitter is a fantastic tool for spreading important news rapidly.
In the past it’s been used to share information about fires in Los Angeles, emergency landings in the Hudson River, and most recently helping aid be transported effectively to disaster stricken Indonesians.
Andi Arief is Indonesian president Susilo Bambang Yudhoyono’s disaster management adviser and a frequent user of Twitter. After a devastating spell of earthquakes, floods, volcanic eruptions and even a tsunami hitting the country, you can understand why some people would be following him on the micro-blogging service.
After all, Arief diligently posts up-to-date disaster-related information.
Unfortunately, Andi Arief’s Twitter account also caught the attention of hackers today, who broke into his account and started posting messages.
Perhaps the most dangerous bogus message posted from the account was a tweet which, according to local media reports, read:
Besok jakarta tsunami
which translates as “Jakarta tsunami tomorrow”.
Hacking into a Twitter account that is used for disaster relief is bad enough, but for the intruder to also spread malicious warnings makes me think that this must have been the actions of a very sick mind.
Arief struggled for some hours to get control of his account back, temporarily setting up another Twitter account to spread important information before things returned to normal.
(Thanks to Google for translating that for me)
It isn’t clear at this point exactly how Arief’s account was compromised but a cracked password will surely be suspected.
Remember, you should always choose a non-dictionary word that’s hard to guess as your Twitter password, and never use the same password on multiple websites.
Be on your guard against phishing sites and ensure that your computer is running up-to-date anti-virus software to protect against keylogging spyware which may attempt to steal your information.
Finally, consider carefully which third-party applications and websites you allow to connect with your Twitter account.
Very sick hacker!! I Hope Indonesian cyber police not as stupid as child who had just held computer for the first time, and hope the hacker can be arrested immediately.
This is how I create easy to remember passwords that appear random, complicated, non-dictionary and have a high number of characters.
Take a sentence you can remember easily. For example “Mary had a little lamb, it’s fleece was white as snow, and everywhere that Mary went the lamb was sure to go”
Now take the first letter of each word: MhallifwwasaetMwtlwstg
Now replace S with 5, I with 1, the T for the word TO with 2, and so on according to what makes sense to you. Which is important – it *only* has to make sense to *you*.
Mhall1fwwa5aetMwtlw52g
Some kids who fancy themselves as hackers like to use 7 for L and 3 for E. So I’ll do that BUT only for the first letter of a pair of letters or letter appearing singly.
Mha7l1fwwa5a3tMwt7w52g
That’s a 22 character password created using an easy to remember “seed” phrase and a few easy to remember tweaks.
This works very well if you make up your own rules, and the advantage is you can create different passwords from the same initial phrase depending on which rules you decide to apply.
thank you
Hello Graham,
I'm not sure if the hijacker is really that "sick". If I'd have to do a psychogram for the attacker, I'd say the chances are equal that he is just childish in his thinking because he doesn't forsee the implications of his blunt "prank". In this case I'd expect the age of the person between 14-18 years.
Regards,
Marc
Hello,
I'm doing the same. But I prefer to use sentences with countable objects and use the numbers as digits. And I keep the punctuation marks. Example:
"Is this really my second post today?" => Itrm2pt?
Regards,
Marc
Sounds a bit like the video I made here about how to choose a hard-to-crack but memorable password:
http://nakedsecurity.sophos.com/2010/02/03/choose…
Convergent evolution?
No need to crack the password. You just need a packet sniffer and wait for the user to connect on twitter.
Why, did this advisor have an unsecured Twitter account?