SANS Digital Forensics and Incident Response Blog

Why I Chose Not To Post My Interview With The Twitter Attacker

by Ira Victor

The blogosphere was atweet this weekend with news of a DarkWeb attack on Twitter users. As co-host of the Data Security Podcast, I believe I was the first to contact the man who claims to be the creator of the attack.

We thought better of using his voice on our podcast, though, when we realized he's only 17 years old. That makes him too young to consent legally to a globally-distributed interview. He may also be too immature to be a reliable source. The jury's out on that.

At this point, we've decided to sit on the tape, even though the young man's identity and his claims of responsibility for the Twitter hack have been widely revealed.

The other co-host of Data Security Podcast, Samantha Stone, spent quite a few years in a broadcast news room, and it's her insistence that has prevented us from posting the audio, based on the age of the subject, his assertion that he was drunk when he conducted his exploit, and the interview, and a healthy dose of journalistic skepticism.

(She reminded me that just last week, The Taliban claimed responsibility for a mass shooting in upstate New York, which turned out not to be the case, according to police. She questioned whether this "kid" is
responsible for the Twitter attack just because he says he is, and beyond that, is he a "kid" at all, or is he older than 17? If he is a kid, why are his parents allowing him to stand in the media spotlight when he could be in big legal trouble? By the way, where are his parents? All good questions.)

Indeed, the young man has changed his story since he spoke with me. Last night said he did it to drive traffic to his website. He now claims his attack was calculated to expose a Twitter vulnerability. And as I post this, there are more attacks against Twitter, according to multiple sources.

But there's more to say about this Twitter attack. As everyone knows, the attack took the form of spam invitations to visit Stalkdaily.com, a site the young hacker claims to have created. Stalkdaily.com is a site with features similar to Twitter's, but allows users to add multimedia to their posts.

In my conversation with the self-proclaimed attacker, I got a description of his methodology, which also has been surmised by other analysts. What's NOT getting much ink is that this man exploited a common vulnerability that exists on a huge number of websites (cross-site scripting attacks - XSS). Only because Twitter is the flavor of the month is there so much attention paid to this XSS attack.

There is evidence that there are thousands of these attacks going on every day, but since the web sites aren't called Twitter, the attack is not on the radar screen for mainstream media. In my experience, the owners of the sites that come under the attack rarely have proper incident response plans, and they rarely do the proper forensic work related to an attack.

I fear that all the attention will be on Twitter, and on a young man seeking his 15 minutes of fame, rather than on the same serious security issues that are present on many, many other web sites.

Note to Tweeters: You should add layers of security to your Twitter usage, if you have not already done so. HOWTO: Protect Yourself On Twitter (Lessons Learned From The StalkDaily Twitter Hack)

Ira Victor, G17799 GCFA GPCI GSEC-Gold, is Co-Host of the Data Security Podcast, 30 minutes of news every week on data security, privacy and the law. Ira Victor an information security analyst and consultant with Data Clone Labs. Ira is also President of the Sierra-Nevada Chapter of InfraGard.

1 Comments

Posted April 13, 2009 at 1:05 PM | Permalink | Reply

dewritermd

Excellent article''once the ''worm' has been quelled, I will pass this on to my Tweeps! Thx