Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can my PC be hacked via Twitter and can I protect against it?


  • Please log in to reply
9 replies to this topic

#1 JonWinston

JonWinston

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:57 PM

Posted 03 April 2017 - 06:46 AM

Hi folks. Had a 'discussion' with someone on Twitter and I can see from their TL that they have threatened to hack people's computers and tablets before, using their Twitter accounts.

 

Is this possible if I don't click on any links that the other person concerned has published?

 

If it IS possible, how can I stop it happening? They seem a very malicious type judging from the things they said. If I'd have known this I wouldn't have entered into a (from my side, civil) discussion with them. 

 

Note for future: always check before becoming embroiled!



BC AdBot (Login to Remove)

 


#2 sjpritch25

sjpritch25

  • Security Colleague
  • 895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:02:57 PM

Posted 03 April 2017 - 02:46 PM

I would say you could be attacked via social engineering.  For example, clicking on a email link to reset twitter password and you get sent to exploit kit site that would silently install malware.


Microsoft MVP Consumer Security--2007-2010

#3 sjpritch25

sjpritch25

  • Security Colleague
  • 895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:02:57 PM

Posted 03 April 2017 - 02:48 PM

Additional info

https://blog.malwarebytes.com/cybercrime/2013/02/tools-of-the-trade-exploit-kits/


Microsoft MVP Consumer Security--2007-2010

#4 JonWinston

JonWinston
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:57 PM

Posted 03 April 2017 - 05:03 PM

I would say you could be attacked via social engineering.  For example, clicking on a email link to reset twitter password and you get sent to exploit kit site that would silently install malware.

Thanks, sjpritch: so as long as I don't click on any such link I should in theory be okay?

 

Thanks again for the reply.



#5 JohnnyJammer

JohnnyJammer

  • Members
  • 1,114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:04:57 AM

Posted 03 April 2017 - 06:00 PM

The only way i could see them doing this would be by exploiting the application (If twitter has one, i dont use that crap!).

The other way would be to use XSS exploits through URL's.

 

i dont know how twitter works as far as its API goes but if you are just using a browser, unless they are using some exploit i would say just viewing a tweet would be harmless.



#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,641 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:57 PM

Posted 05 April 2017 - 03:57 PM

From time to time I see that a Twitter account that follows me (or I follow back), gets compromised: it starts sending me spam.µ

 

So it happens, and I believe it's because of compromised credentials: phishing, weak password, ...

 

This can be prevented by adding an extra authentication step, as explained here:

https://support.twitter.com/articles/20170388


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,961 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:57 PM

Posted 06 April 2017 - 06:21 AM

Social networking sites (MySpace, YouTube, Facebook, Twitter, etc) can be a significant security risk which could make you the victim of all sorts of criminal activity and your computer susceptible to malware infection.

FBI Cyber Tip Warning: Social Media and the Use of Personal Information

...just like any kind of cyberspace communication, using social media can involve some risk.. Once a user posts information to a social networking site, that information can no longer be considered private and can be used for criminal purposes. Even if you use the highest security settings on your account, others may—intentionally or not—leak your information. And once in the hands of criminals, this personal information can be used to conduct all kinds of cyber attacks against you or your family members, friends, or business associates in an effort to obtain additional and even more sensitive personal information...Criminals who troll social networking sites looking for information or people to target for exploitation run the gamut—from sexual predators, hackers, and financial fraudsters to business competitors and foreign state actors.

Social engineering has become on of the most prolific tactics for distribution of malware, identity theft and fraud.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 downloaderfan

downloaderfan

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 14 April 2017 - 12:06 AM

The only way i could see them doing this would be by exploiting the application (If twitter has one, i dont use that crap!).

The other way would be to use XSS exploits through URL's.

 

i dont know how twitter works as far as its API goes but if you are just using a browser, unless they are using some exploit i would say just viewing a tweet would be harmless.

 

Ok, could my computer be compromised even if I visit a malicious website using Tor browser at 'High' security level? Since XSS depends on javascript, I don't think those exploits would work. I'm looking for safe ways to visit suspicious URLs without getting infected.


Edited by downloaderfan, 14 April 2017 - 12:08 AM.


#9 JonWinston

JonWinston
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:57 PM

Posted 14 April 2017 - 03:25 AM

Thanks, all. The account I use is under a pseudonym and I keep personal info to a minimum. I also frequently delete my tweets. 



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,961 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:57 PM

Posted 14 April 2017 - 05:18 AM

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users