Today, we all spend a large amount of time on social media, posting our activities on Facebook or Twitter and catching up on what’s happening in the news, with friends and families, or the world over. With so much dependency on these networks to keep us connected and engaged, users need to be kept aware of what is going on around these networks. We also need to be proactive with our personal information to do all we can to protect ourselves against account hacks.
Recently, Twitter and LinkedIn have been a part of large hack events where numerous accounts were taken over and had bad material posted to them. On Twitter alone, big-name celebrities have been victims of this type of event.
- Twitter’s largest user account, belonging to Katy Perry, was hacked and had profanity and slurs issued from it.
- The NFL Twitter account was hacked and pushed out false statements about commissioner Roger Goodell.
- The man who basically brought social media to the world with Facebook, Mark Zuckerberg, had his other social accounts hacked recently.
- The former CEO of Twitter, Dick Costolo, had his account taken over.
- And yes, the Twitter account here at SUNY was victim to a short takeover this past weekend.
To learn more on this subject, we reached out to Dr. Sanjay Goel, Associate Professor in the Information Technology Management Department at the University at Albany’s School of Business and director of the UAlbany Digital Forensics Program. The Digital Forensics Program is the first of its kind within the SUNY system and among just a handful of such programs across the country. In just two years, the program has reached 170 students and is set to pass 200 this year. In addition, Dr. Goel is also the Director of Research at the New York State Center for Information Forensics and Assurance.
To begin with, what exactly are these social media hack events?
Typically, they are not overtly malicious. A good way to put it is that these activities are opportunistic hacking, not targeted hacking. These small scale events are not typically carried out by a single person at a basement computer, but rather by bots coded to scan the internet and networks searching for weak password configurations and other weaknesses within the systems that would allow entry into user accounts. This access then provides access to more platforms for hackers and bots to spread their messages or carry out their goals.
So what might they be trying to do if they find a way in to the account?
The answer here is often that these security vulnerabilities present an opportunity for the hackers to show bravado, or to make a point that they can break into areas that are not theirs. Hackers may simply look for high profile social media accounts as a form of visibility of their work, or to heighten the embarrassment associated with these actions. Or, if there is anger surrounding an issue, hackers may look to make a point through the source itself to convey the anger.
But if there is thicker security on transaction websites, like banks and online stores, to carry out actions, why not the same on social media?
Well, what is there to lose from a social media hack? Typically it turns into a short period of embarrassment which gets removed or resolved and then goes away. But if a large hack was done to, for example, a student records database where grades were changed, the entire institute that was victim to such an attack would be deeply hurt. The entire issue is a matter of risk analysis. A company doesn’t want to spend more money than is necessary for development or security. The deeper the risk potential, the more attention and resources will be developed to secure it. If the risk isn’t severe, basic security settings will suffice.
So as a reminder, what can people do to keep themselves safe from intrusion or hacks on social media?
First, remember that every now and then, this behavior pops up and can affect anybody. Users need to keep to a strong security hygiene practice.
- You should change your passwords every 2-3 months, and make them long & complex enough that they aren’t so easy to decode.
- Be wary of phishing scams that can provide access to your accounts without you knowing. If links to websites look unfamiliar, don’t click them!
- Maintain use of anti-virus and security apps and software on your devices. From smartphones to tablets, computers, and smart devices, we’re always connected. Having an extra set of eyes on our tools can help us maintain our safety and stay familiar with threats that are out there looking to find a way to our information.
Do not allow third-party apps to run while using your social media accounts.
Always log out of all your finance apps before logging into social media platforms.
Do not accept any unknown friend request, especially if the account of the other person was created within a few days before.
Important Tips:
1. Do not download any links that suddenly show up in front of you.
2. Do not click on highlighted images on unknown websites.
3. Always try to log out of all your bank accounts on your phone before you go surfing the internet.
In these ways, you will be able to Stay Secure while using the internet.
Strong and frequently changed passwords mentioned by Dr. Sanjay Goel are a good and very basic decision for online security but not the fundamental one. The fundamental approach against hackers and scams is a secure internet connection provided from a) internet provider; b) hoster and c) user’s gadget. There are 3 essential things you should use when surfing the Internet nowadays or buying something online (especially!): 1. Check the website for https protocol; 2. Use a strong VPN for your Internet connection encryption; 3. Never save passwords, personal info (name, email, address, etc.) and credit card information in your browser’s cookies and cache, message drafts or autofill forms.
Does this Digital Forensics Program require strong programming knowledge to pursue? If so, which platform should I be skilled with? Is this different from regular ethical hacking programs?