Today, we all spend a large amount of time on social media, posting our activities on Facebook or Twitter and catching up on what’s happening in the news, with friends and families, or the world over. With so much dependency on these networks to keep us connected and engaged, users need to be kept aware of what is going on around these networks. We also need to be proactive with our personal information to do all we can to protect ourselves against account hacks.
Recently, Twitter and LinkedIn have been hit by large hack events in which numerous accounts were taken over and had bad material posted to them. On Twitter alone, big-name celebrities have been victims of this type of event.
To learn more on this subject, we reached out to Dr. Sanjay Goel, Associate Professor in the Information Technology Management Department at the University at Albany’s School of Business and director of the UAlbany Digital Forensics Program. The Digital Forensics Program is the first of its kind within the SUNY system and among just a handful of such programs across the country. In just two years, the program has reached 170 students and is set to pass 200 this year. Dr. Goel is also the Director of Research at the New York State Center for Information Forensics and Assurance.
Typically, they are not overtly malicious. A good way to put it is that these activities are opportunistic hacking, not targeted hacking. These small-scale events are not typically carried out by a single person at a basement computer, but rather by bots coded to scan the internet and networks searching for weak password configurations and other weaknesses within the systems that would allow entry into user accounts. This access then provides access to more platforms for hackers and bots to spread their messages or carry out their goals.
The answer here is often that these security vulnerabilities present an opportunity for the hackers to show bravado, or to make a point that they can break into areas that are not theirs. Hackers may simply look for high-profile social media accounts as a form of visibility of their work, or to heighten the embarrassment associated with these actions. Or, if there is anger surrounding an issue, hackers may look to make a point through the source itself to convey the anger.
Well, what is there to lose from a social media hack? Typically it turns into a short period of embarrassment which gets removed or resolved and then goes away. But if a large hack was done to, for example, a student records database where grades were changed, the entire institute that was victim to such an attack would be deeply hurt. The entire issue is a matter of risk analysis. A company doesn’t want to spend more money than is necessary for development or security. The deeper the risk potential, the more attention and resources will be developed to secure it. If the risk isn’t severe, basic security settings will suffice.
First, remember that every now and then, this behavior pops up and can affect anybody. Users need to keep to a strong security hygiene practice.
Taras Kufel is the Manager of Digital Engagement at the State University of New York.