While a small number of Facebook and Google users have, in the past, been warned that their accounts may have been hacked into by something called a “state-sponsored actor”, users of social media platform Twitter have largely escaped unscathed by the phenomenon. Or at least they haven’t been told about it. Until now, that is, for earlier in December Twitter contacted a group of users who may also have been targeted.
But how at risk actually are you from a state-sponsored cyber attack? Is your small or medium-sized business in danger of being targeted? And who is behind these hacking attempts? Well, going by the warnings recently issued by Twitter, reports so far suggest that people, companies or organizations connected to internet security and freedom of speech are currently most likely to be at risk. But ‘currently’ is somewhat ambiguous, for in the world of cybercrime things can happen at lightning speed, and someone who is a target today might be deemed out of danger tomorrow – and vice versa.
As always, the best form of protection is to be forewarned, and you can only do that by learning as much as you can about the latest threats, scams and attacks. If you are a Twitter user, be it personal or for business use, you may be wondering why you have not yet heard of these alerts. That’s because Twitter’s messages were only sent to a small, and mostly rather niche, group of users. (amicusmongolia) The email informed these users that Twitter was contacting them as a precaution due to their accounts “possibly” having been hacked by the state-sponsored actors. The email also stated that they believed that the actors may (or may not) be associated with a government, and that those involved had been looking to obtain personal information such as email addresses, phone numbers and/or IP addresses. So far, so vague!
Twitter then goes on to say that, although they have no evidence that any accounts were compromised or any data was stolen, they are actively investigating. They also lamented the fact that they wished they could say more…but that they had no additional information at that time. The email goes on to attempt to reassure users that their accounts may not have been an intentional target, but admits that if a user tweets under a pseudonym, that Twitter understands they may have cause for concern. But with so many Twitter users tweeting under a different name – and perfectly innocently, at that – what’s the real cause for concern here?
The issue lies with the type of accounts that were mostly targeted. The majority of these belonged to people or organizations connected to, or concerned with, cyber security. In fact, Twitter even offered some handy advice on protecting your online identity, suggesting users read up on the subject at the Tor Project website. Somewhat coincidentally, one of the victims of the attempted Twitter account hack is an activist and writer who currently educates journalists about security and privacy – and who used to work for the Tor Project. Another is a Canada-based not-for-profit organization involved with freedom of speech, privacy and security issues, and one of its founders is a contractor for the Tor Project.
Other Twitter users who received the email are also involved in some way or another in cyber security, albeit as self-described “security researchers” or simply by way of following or engaging with the online security community. This might lead you to the conclusion that, if you’re not in the business of security and instead keep your tweets to sport, entertainment, and the latest must-have gadgets, you are not at risk. But we urge you not to be so hasty. That’s because, within that small group of people who were contacted by Twitter, a large proportion of them had nothing to do with activism, freedom of speech, calls for greater privacy, or anything of the sort.
This means that, far from brushing this latest round of cyber threats under the carpet, individuals and business owners – whatever industry they are in – do have at least some cause for concern. As yet Twitter has not released details of the state the “actors” are sponsored by, so for now we are none the wiser as to whether it’s a homegrown issue or one from further afar – say North Korea or China.
What does all this mean for you as a business owner or manager? It means that you should be taking your online security more seriously than ever. It’s no longer just your network that is at risk; now simply having an account on a social media site such as Facebook or Twitter could be providing less-than-desirable third parties with the portal they need to access your company’s private information.
If you’d like to know how to ensure the online safety of your organization, give us a call today. Our experts have experience in everything from securing your computer network to increasing safety when it comes to sending out those all-important tweets!