Post Tech
Posted at 03:34 PM ET, 06/01/2011

Rep. Weiner victim of attack? Security experts say it can happen easily

Rep. Anthony Weiner said Wednesday that he was the “victim of a prank” with his now infamous Twitter photo fail.

He has said his Twitter account was hacked when a tweet from his account to a Seattle area woman contained a photo of a groin.

As the lawmaker’s assertions are picked apart, security experts weighed in on his story.

Turns out, there are plenty of tools within easy reach for pranksters and hackers to break into a Twitter or Facebook account, according to John Harrison, a group manager of security firm Symantec’s Security Response team.

But public figures such as Weiner should know better and work harder to make their accounts secure, he and others said.

Politicians have more public information about themselves on the Web — their high schools, family members’ names, birthdates, hometowns and pets’ names. A hacker need only read through the tweet stream of a politician such as Sen. Claire McCaskill (D-Mo.) to know that her daughter graduated from college last week and that she’s trying to lose weight. All that information and public records make it easy to guess user names and common passwords.

If they can’t access a Twitter or Facebook account directly, hackers will try to use those same tricks on the user’s e-mail accounts. Once an e-mail account is breached, a hacker can reset their victim’s username and password on social media accounts.

Here are the other ways Weiner’s account could have been compromised:

• Phishing attacks: A user receives an e-mail saying an online account has been compromised. The e-mail will ask for credit card information, usernames and passwords.

• Malware: Twitter is all about passing shortened links. Be careful when you click on those links, however, because they may contain malware that gets into your computer and steals information from your hard drive.

• Unsecure Wi-Fi networks: It’s nice to log on to your public library or coffee shop hot spot, but hackers on the same network can get into your online accounts through your browser. Solution: Weiner shouldn't be checking his Twitter account at the Capitol Hill Starbucks. He should use a secure Web connection like “https” or “ssl.”

Twitter sent around tips to Congress members for safer tweeting habits after concerns that their own accounts could be hijacked.

Here’s what people can do to keep their social media accounts safe and secure, Harrison said:

• Look for advanced default settings offered by social networks.

• Use secure wireless networks.

• Update security patches often.

• Set up social media accounts to provide alerts when being accessed from a new device or location.

• Don’t be predictable: Don’t use 1234 or your spouse’s name as your password.


    © 2011 The Washington Post Company