Hackers create chaos on Twitter with 'worm' attacks

The information-rich world of Twitter was almost converted into total gobbledegook yesterday as hackers took advantage of a security flaw to create self-replicating "worms" that automatically posted themselves to users' accounts.

Any Twitter user who hovered their cursor over the unintelligible messages immediately risked spreading them to the accounts of their own followers. At its peak, over 100 such messages were being generated every second, causing consternation among the Twitter community, who rely on the service for everything from breaking news to inconsequential amusement.

The effects of the worm ranged from harmless messing about to malicious redirects to unsavoury websites; at one point Sarah Brown, wife of the former PM, unwittingly guided her 1.1 million devoted followers towards a Japanese pornography site. "Don't touch the earlier tweet," she posted later. "This twitter feed has something very odd going on!"

Odd indeed – but also something that was easily preventable, and which will have caused embarrassment to Twitter in the week following the much-publicised roll-out of its relaunched website.

The way Twitter works meant that the biggest damage was wrought by those with the largest number of followers. Sarah Brown was the most notable, but others included former deputy Prime Minister John Prescott, White House press secretary Robert Gibbs ("Absolutely no clue why it sent that message or even what it is") and comedian David Mitchell ("Apologies... more evil robots, basically. Get used to them, I say.")

Users who had already been granted access to the new-look version weren't affected, and nor were those who interact with the service using applications on their computers or mobile devices. The worm targeted those who still access their accounts by logging on to the main Twitter site – the vast majority – hence the worms' rapid spread.

This type of attack is known as XSS or "cross-site scripting", and is by far the most common way for web security to be compromised. If a hacker can find a way to execute a script on a website, that script can gain access to sensitive details that the browser might be holding on our behalf – including, as was the case here, the ability to automatically post messages on Twitter.

The problem came to light early on Wednesday, when the person behind an account called @RainbowTwtr realised that the site's automatic conversion of website addresses within messages into links could be embellished with JavaScript, a potentially powerful scripting language.

Twitter patched this particular vulnerability within three hours, but XSS attacks will continue to affect users of popular websites; there will always be geeks keen to wreak havoc for financial gain.
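The class of flaw described above, where a website address in a message is converted into a link without escaping, can be shown with an added example that is not Twitter's code: a naive auto-linker beside a hardened one. The function names and the sample message are constructed for illustration.

```javascript
// Added illustration; function names and sample input are constructed.
const URL_RE = /https?:\/\/[^\s<>]+/g;

// Naive auto-linker: drops the matched text straight into the href attribute,
// so a double quote in the "URL" ends the attribute and starts a new one.
function linkifyNaive(text) {
  return text.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

// Escape the characters that matter in HTML text and quoted attributes.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Render one candidate URL: parse it, allow only http/https, and escape the
// value again at the attribute sink. Anything else is emitted as inert text.
function renderLink(candidate) {
  let parsed;
  try {
    parsed = new URL(candidate);
  } catch {
    return escapeHtml(candidate);
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
    return escapeHtml(candidate);
  }
  const href = escapeHtml(parsed.href);
  return `<a href="${href}" rel="nofollow noopener">${escapeHtml(candidate)}</a>`;
}

// Hardened auto-linker: every byte of the message is either escaped text or
// passes through renderLink; nothing reaches the page unescaped.
function linkifySafe(text) {
  let out = "";
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index)) + renderLink(m[0]);
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Constructed sample message: a URL followed by a quote and an extra attribute.
const SAMPLE = 'see http://example.com/a"onmouseover="demo()" now';
```

With the naive version the browser sees a second attribute on the link; with the hardened version the same input yields a tag carrying only `href` and `rel`, and the quote characters appear as visible text.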
