Hackers create chaos on Twitter with 'worm' attacks
Wednesday 22 September 2010
The information-rich world of Twitter was almost converted into total gobbledegook yesterday as hackers took advantage of a security flaw to create self-replicating "worms" that automatically posted themselves to users' accounts.
Any Twitter user who hovered their cursor over the unintelligible messages immediately risked spreading them to the accounts of their own followers. At its peak, over 100 such messages were being generated every second, causing consternation among the Twitter community, who rely on the service for everything from breaking news to inconsequential amusement.
The effects of the worm ranged from harmless messing about to malicious redirects to unsavoury websites; at one point Sarah Brown, wife of the former PM, unwittingly guided her 1.1 million devoted followers towards a Japanese pornography site. "Don't touch the earlier tweet," she posted later. "This twitter feed has something very odd going on!"
Odd indeed – but also something that was easily preventable, and which will have caused embarrassment to Twitter in the week following the much-publicised roll-out of its relaunched website.
The way Twitter works meant that the biggest damage was wrought by those with the largest number of followers. Sarah Brown was the most notable, but others included former deputy Prime Minister John Prescott, White House press secretary Robert Gibbs ("Absolutely no clue why it sent that message or even what it is") and comedian David Mitchell ("Apologies... more evil robots, basically. Get used to them, I say.")
Users who had already been granted access to the new-look version weren't affected, and nor were those who interact with the service using applications on their computers or mobile devices. The worm targeted those who still access their accounts by logging on to the main Twitter site – the vast majority – hence the worms' rapid spread.
This type of attack is known as XSS or "cross-site scripting", and is by far the most common way for web security to be compromised. If a hacker can find a way to execute a script on a website, that script can gain access to sensitive details that the browser might be holding on our behalf – including, as was the case here, the ability to automatically post messages on Twitter.
Twitter patched this particular vulnerability within three hours, but XSS attacks will continue to affect users of popular websites; there will always be geeks keen to wreak havoc for financial gain.
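The cross-site scripting mechanism described above comes down to user-supplied text being placed into a page without encoding. The sketch below is an added example, not Twitter's code and not part of the original article: it shows the general pattern with a hover-triggered handler, next to an encoded version that neutralises it. The function names, the `demo()` placeholder and the sample input are all assumptions constructed for illustration.

```javascript
// Added illustration; every name below is hypothetical and the input is constructed.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can end a text node or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Vulnerable pattern: user-supplied text concatenated straight into an attribute.
function renderLinkUnsafe(url) {
  return '<a href="' + url + '">' + url + '</a>';
}

// Hardened pattern: accept only http(s) URLs, then encode before insertion.
// Anything else is returned as encoded plain text with no link at all.
function renderLinkSafe(url) {
  const safe = escapeHtml(url);
  if (!/^https?:\/\//i.test(url)) return safe;
  return '<a href="' + safe + '" rel="nofollow noopener">' + safe + '</a>';
}

// Simplified check for this demo (not a full HTML parser): list the
// attribute names found on the first tag of a fragment.
function attributeNames(html) {
  const tag = /^<[a-z]+\s+([^>]*)>/i.exec(html);
  if (!tag) return [];
  return [...tag[1].matchAll(/([a-z-]+)\s*=\s*"[^"]*"/gi)].map((m) => m[1].toLowerCase());
}

// True when the fragment's first tag carries an inline event handler (on*).
function hasEventHandler(html) {
  return attributeNames(html).some((name) => name.startsWith('on'));
}

// Constructed sample: a "link" whose text closes the href value early and
// adds a hover handler. demo() is a placeholder, not a real payload.
const SAMPLE = 'http://example.test/" onmouseover="demo()';

console.log(attributeNames(renderLinkUnsafe(SAMPLE)));
console.log(attributeNames(renderLinkSafe(SAMPLE)));
```

In the unencoded version the quotation mark in the input ends the `href` value, so the browser sees a second attribute that runs on hover; in the encoded version the same characters stay inside the link address as inert text.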