Twitter and the Dark Arts

Netskope
November 6, 2013 By Flickerbox Inc.

In California there are many situations that may seem like certainties: hearing someone talking about technology, seeing a Peet’s close by to a Starbucks, or seeing someone using a laptop almost anywhere. But there is something that is a guarantee, seeing a Toyota Prius in almost every parking lot. Since I moved here (of course not buying one but three different Prius) there has been more than one occasion I entered the wrong car. This is something easy to do. There are only so many colors and options and in the end they all just look the same. Even my last Prius, a Prius V,  became very popular and its not too uncommon to see not only the same make and model but also the same starting letters of the license plate. So if it looks like the right Prius and it smells like the right Prius does that make it the right Prius? Well not always. Once my wife mistakenly entered the wrong Prius only to have the driver of that Prius enter our own Prius. I’m pretty sure a small star in a distant solar system imploded due to this cosmic coincidence, but everything did work out and thankfully no one drove off with the wrong trashcan full of empty Starbucks and Peet’s coffee cups.

One could say the same thing for web links that are posted in social media. They are all just links to content so isn’t it all the same?

Link hijacking is not a new technology or even a technology this is a simple misdirection. It is something that leads a person to believe that a site or content sits beyond a link where in fact it may be potentially malicious. This traditional “Trojan Horse” technique is seeing a reprise on the social media network Twitter. While Twitter has been an active product since 2006, its upcoming IPO and #EveryDamnThingHasAHashTagNowIJustCantEscape has made the platform more popular than ever. Since Twitter is in the media it makes sense for attackers to utilize it as a platform to deliver malicious content. Let us take a look at a few of the common types of attacks and how you can prevent them.

The first step to prevent of accessing any malicious content is to trust its source. Is the source of the link someone you can trust? This may not be enough evidenced by the recent hack of some tweets from Obama. The links in his tweets were modified because the URL shortner service was hacked. This let attackers point the modified URLs to a site containing a political message. So even the very same link that was used a day before was in turn made into a malicious link. Ironically Twitter suggests against doing this for this exact reason. Twitter automatically will shorten your links for you and also validate that the links are safe. Another method someone might retweet a popular message and then point the new message to a modified URL. These and other techniques are the same. Take a link and make it look like you are going to a good place when really you are not.

Once you’re on a malicious web page the attacker can deliver all sorts of malicious payloads to the end user. Its actually much easier for an attacker to spend days spamming out these types of messages than it is to attempt to breach through a firewall. Odds are a company is less likely to detect it and your success/failure ratio will be much higher. If that’s the case, then what do users do about it? Well, first, no matter what site you access, you should always be cautious. Look for strange behaviors: random windows popping up, content that doesn’t seem to look correct, extra errors in the page, strange typefaces. If you see this, close the page and don’t go back, it could be just an error or it could be the worst computer virus unleashed on mankind. If you are uncertain, ask a friend or your friendly IT staff. While they may be annoyed with your 2000th question, they would rather have a question that prevents future problems than you creating more.

The American comedian Ron White has a famous saying “You can’t fix stupid”. This resonates well because we often see people doing the same silly things over any over again without any improvement in behavior. This is the case of why the “Trojan Horse” method works time and time again. It’s an effective method of enticing people to take an action. I implore you stay away from those random sites promising the secrets to Honey Boo Boo’s family or the free download for Photoshop 11. What that text really reads is “come over here, stupid”.