Hackers create chaos on Twitter with 'worm' attacks

The information-rich world of Twitter was almost converted into total gobbledegook yesterday as hackers took advantage of a security flaw to create self-replicating "worms" that automatically posted themselves to users' accounts.

Any Twitter user who hovered their cursor over the unintelligible messages immediately risked spreading them to the accounts of their own followers. At its peak, over 100 such messages were being generated every second, causing consternation among the Twitter community, who rely on the service for everything from breaking news to inconsequential amusement.

The effects of the worm ranged from harmless messing about to malicious redirects to unsavoury websites; at one point Sarah Brown, wife of the former PM, unwittingly guided her 1.1 million devoted followers towards a Japanese pornography site. "Don't touch the earlier tweet," she posted later. "This twitter feed has something very odd going on!"

Odd indeed – but also something that was easily preventable, and which will have caused embarrassment to Twitter in the week following the much-publicised roll-out of its relaunched website.

The way Twitter works meant that the biggest damage was wrought by those with the largest number of followers. Sarah Brown was the most notable, but others included former deputy Prime Minister John Prescott, White House press secretary Robert Gibbs ("Absolutely no clue why it sent that message or even what it is") and comedian David Mitchell ("Apologies... more evil robots, basically. Get used to them, I say.")

Users who had already been granted access to the new-look version weren't affected, and nor were those who interact with the service using applications on their computers or mobile devices. The worm targeted those who still access their accounts by logging on to the main Twitter site – the vast majority – hence the worms' rapid spread.

This type of attack is known as XSS or "cross-site scripting", and is by far the most common way for web security to be compromised. If a hacker can find a way to execute a script on a website, that script can gain access to sensitive details that the browser might be holding on our behalf – including, as was the case here, the ability to automatically post messages on Twitter.

The problem came to light early on Wednesday, when the person behind an account called @RainbowTwtr realised that the site's automatic conversion of website addresses within messages into links could be embellished with JavaScript, a potentially powerful scripting language that browsers run.

Twitter patched this particular vulnerability within three hours, but XSS attacks will continue to affect users of popular websites; there will always be geeks keen to wreak havoc for financial gain.
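The article attributes the flaw to the site's automatic conversion of website addresses into links. As an added illustration (not Twitter's code, and not part of the original article), the sketch below shows a hypothetical linkifier that pastes the matched address into the link unescaped, next to a hardened one; the function names and the sample message are assumptions, and an inert marker attribute stands in for script.

```javascript
// Added illustration: a hypothetical linkifier, not Twitter's code.
const URL_RE = /https?:\/\/\S+/g;

// Escape for HTML text and double-quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Weak: the matched "URL" is pasted into href as-is, so a double quote
// inside it closes the attribute and the rest is parsed as new attributes.
function linkifyUnsafe(message) {
  return message.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

// Hardened link rendering: parse, allow only http(s), escape on output.
function renderLink(candidate) {
  let parsed;
  try { parsed = new URL(candidate); } catch { return escapeHtml(candidate); }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return escapeHtml(candidate);
  }
  const href = escapeHtml(parsed.href); // parser already percent-encodes quotes
  return `<a href="${href}" rel="nofollow noopener">${escapeHtml(candidate)}</a>`;
}

// Hardened linkifier: every non-URL span of the message is escaped too.
function linkifySafe(message) {
  let out = '';
  let last = 0;
  for (const m of message.matchAll(URL_RE)) {
    out += escapeHtml(message.slice(last, m.index));
    out += renderLink(m[0]);
    last = m.index + m[0].length;
  }
  return out + escapeHtml(message.slice(last));
}

// Names of the quoted attributes on the first <a> tag: a quick output check.
function anchorAttributes(html) {
  const tag = (html.match(/<a\b[^>]*>/) || [''])[0];
  return [...tag.matchAll(/([a-zA-Z-]+)="[^"]*"/g)].map((m) => m[1]);
}

// Constructed sample message; data-injected is an inert stand-in attribute.
const SAMPLE = 'look http://example.test/"data-injected="1 <b>hi</b>';
```

Comparing `anchorAttributes(linkifyUnsafe(SAMPLE))` with `anchorAttributes(linkifySafe(SAMPLE))` shows the extra attribute appearing only in the unescaped output.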
