Staying Safe in Social Media

November 30th, 2009


Today is Computer Security Day. I suppose it’s the annual Cyber equivalent of ignoring proclamations to check those home fire alarm batteries. You’ve probably noticed the growing number of people on FaceBook and Twitter mourning the hostile takeover of their social media accounts.  I’ve helped a few over the phone, going over the basics to lock the offending individuals out and restore that warm, fuzzy feeling of security. Thank God for AT&T’s Nationwide plan.


There are a variety of ways your social media account can be taken over.  The US-CERT (Homeland Security’s U.S. Computer Emergency Readiness Team) warns of two common methods of Cyberjacking Social Media accounts – via hackers and through malware.

Hackers “hack” away at your account by figuring out your login information or exploiting known weaknesses in an online website or application.  This was the case when Sarah Palin’s Yahoo! email was hacked into during the last Presidential campaign.  Using a well-known exploit of Yahoo’s password reminder feature and a looksie at Google and Wikipedia, it took just 45 minutes for a college kid to get access to all of Sarah’s emails, and to block Sarah herself out.  The details as to how this was accomplished are well-documented.

Malware is a bit of software code designed to look in the places where personal and private information is typically saved.  Many of us allow our web browsers to save our popular website login information for more rapid access during future visits.  This information is saved in a text file in a default location, easy to find by a software “worm” sniffing around on your machine.  To get the malware, simply download it by visiting an infected website…

Let’s talk about some ways you can protect yourself in Social Media from both hackers and malware:

PASSWORDS

The most important (and private) bit of information about your social media account is the password. Here are 6 tips to creating and maintaining a relatively indecipherable password:

  1. Don’t use passwords based on personal information that can be figured out elsewhere (blogs, tweets, Facebook status information, Wikipedia.)
  2. Don’t use a word that can be found in the dictionary. Any dictionary.  Some hackers use specialized software that will run through every single word quite rapidly.
  3. Use both lower- and upper-case letters when you can.
  4. Use alphanumeric combinations, and even special characters if allowed.
  5. Don’t use the same passwords on everyplace you go on the Web.
  6. If a passphrase (a pass-sentence vice a pass-word) is allowed, go for that instead.  It’s more complex to figure out.
  7. Change your password every 6 months.
  8. Avoid allowing your browser to save your login information.  This is especially true when using a shared or networked machine.
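Tips 1 through 5 can be checked mechanically. The sketch below is an added example, not part of the original post; the word list, the personal facts and the function name `violated_tips` are constructed for illustration, and a real check would load a full dictionary.

```python
import re

# Constructed stand-in for a real wordlist (tip 2 says "any dictionary").
DICTIONARY = {"password", "dragon", "sunshine", "monkey", "football"}
# Common character swaps that guessing software undoes before a lookup.
SWAPS = str.maketrans("013457@$", "oieastas")

def _alnum(text):
    """Lower-case the text and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def violated_tips(password, personal_facts=(), used_elsewhere=()):
    """Return the numbers of the tips above (1-5) that the password breaks."""
    broken = []
    # Drop trailing digits/symbols and undo swaps: "P@ssw0rd!" -> "password".
    core = password.lower().rstrip("0123456789!@#$%^&*._-")
    folded = re.sub(r"[^a-z]", "", core.translate(SWAPS))
    # Tip 1: built on facts anyone can look up (pet, team, birthday).
    facts = [_alnum(f) for f in personal_facts]
    if any(f and (f in _alnum(password) or f in folded) for f in facts):
        broken.append(1)
    # Tip 2: a dictionary word, even when decorated with swaps or a suffix.
    if folded in DICTIONARY:
        broken.append(2)
    # Tip 3: needs both lower- and upper-case letters.
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        broken.append(3)
    # Tip 4: needs letters and digits together.
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        broken.append(4)
    # Tip 5: already in use on another site.
    if password in used_elsewhere:
        broken.append(5)
    return broken
```

A password that looks complex, such as `P@ssw0rd!`, still fails tip 2 here because the swaps are undone before the dictionary lookup.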

PRIVACY

After establishing your Social Media account, make sure that you have the level of privacy you desire.  FaceBook has a variety of settings to limit who can see your profile information, status updates, and replies to others.  Twitter allows you to lock down your tweets so nobody can see them unless they are logged in and are one of those you personally follow.

Try to strike a balance that provides the protection you feel you need while leaving the ability to network with others.  If you are a very private person, then I would suggest visiting these settings immediately after creating your account, as by default your comments are left pretty wide open for viewing…

Ticked off someone recently?  Then lock down your viewing settings until things cool down…

CONNECTIONS AND APPLICATIONS

Those games on FaceBook are pretty enticing, aren’t they?  I enjoy Café World but have let my field in Farmtown go fallow long ago.  I play along with a few Facebook friends.  There’s nothing wrong with enjoying the games, and they easily snap into your account by sharing login authorization information.  Be aware that many of these applications are 3rd-party, which means they weren’t created by you, or even by FaceBook.  They were made by another organization, and although their security level may be good enough to have gotten FaceBook’s seal of approval, if their servers are ever breached by hackers, your Social Media account information might be compromised too.

Your Facebook applications can be found by clicking on the Applications Settings under the Settings tab.  There you can delete or limit what the application can do.


There are a variety of web-based applications that tie into Twitter and enhance its desirability as well.  Twitpic, 12Seconds, Blip.fm, Tweetmic and other applications add photos, video, music and even your voice to the Twitter stream, making it a true multimedia experience.  To tweet the multimedia to your followers, you have to link the application to your Twitter account.  This means you are either sharing your Twitter username and password or allowing the application to connect using a special process the application’s creator and Twitter have agreed to.  The application then can draw information from your Twitter account or tweet something for you when desired.

The list of applications (or Connections as Twitter calls them) can be found in your Settings tab.  You can revoke access to a given application any time you want, and I do recommend that you go now, review the Connections you have made in the past (and long forgot,) and revoke Connections used only rarely, to limit liability if one of the great new tools you are using gets hacked itself…

DM LINKS

We’ve all seen them on Twitter by now.  The wonderful links in our Direct Messages telling us to check our IQs, or that we are in a funny video, and to please click here to see it.


These are often examples of the second method of account compromising, Malware.  The DM itself has been sent from an account that has itself been hacked, and forced to send out more versions of the original message that got this guy in trouble in the first place.

If you click on the links, they will take you to a website with a file that’ll sneak itself onto your machine.  If your browser security settings are low, your machine will allow the download. In your browser’s Tools settings, you should be able to find a security setting which will force the browser to ask you before anything is downloaded on it. CERT offers an explanation of browser settings and adjustments. The code snippet contained in the downloaded file will sniff through your computer, looking for saved login information, and may even record every keystroke you make on the keyboard.

If you follow the bad link you may soon find your social media account hacked into and tweeting out whatever the hacker wishes to send on your behalf.  You may also find your bank’s Internet address and financial login information passed on if you are not careful! Best to never, ever click on the link in a DM, even if the DM came from someone you trust, without first clearing the reason for sending it openly on Twitter or via another method.  For the untrusting, McAfee offers a free download, Site Advisor, which will allow you to scan websites before visiting them for viruses, malware, or adware.

RECENT TECHNIQUES USED

The DM links have begun to move into the Twitter stream now, as hackers use automated Twitter profiles to tweet you what appear to be personalized links.  They always throw me off, as I’ve never spoken to (or follow) the individual(s.) These links will do the same damage as those that were once sent via DM, so steer clear of them, unless you know who sent them, and again have determined why.

The addition of hash-tagged trending topics in tweets containing bad links has shown some resurgence, as hackers try to get you to find their links by clicking on a trending topic.

The creation of accounts using names nearly similar to popular heavyweights on Twitter, in order to lure you into trusting their information.  Danny Devito created an account on Twitter not long ago, and immediately a fraudster created an account using the same avatar and a similarly-spelled name.  Make sure you are following who you think you are!
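A similarly-spelled account name can be caught by comparing a new handle against the accounts you already trust. The following is an added example, not part of the original post; the handles, the character-swap table and the function names are constructed for illustration.

```python
def skeleton(handle):
    """Fold characters that look alike on screen into one canonical form."""
    s = handle.replace("I", "l").lower().replace("_", "")
    for src, dst in (("0", "o"), ("1", "l"), ("5", "s"), ("rn", "m"), ("vv", "w")):
        s = s.replace(src, dst)
    return s

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def lookalike_of(handle, trusted, max_distance=1):
    """Return the trusted handle that `handle` imitates, or None."""
    # The genuine account is not its own impostor (handles ignore case).
    if handle.lower() in {t.lower() for t in trusted}:
        return None
    candidate = skeleton(handle)
    for real in trusted:
        if edit_distance(candidate, skeleton(real)) <= max_distance:
            return real
    return None

# Constructed handles for the accounts this user already follows.
TRUSTED = ["DannyDeVito", "GuyKawasaki"]
```

With short handles a distance of 1 produces false matches, so treat a hit as a prompt to check the profile by hand rather than as proof of fraud.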

Methods to hack you or Phish (Internet slang for fishing for your private information) you will continue to evolve in Social Media, so take the time to read and heed the warnings that come through on the stream.

IF YOU ARE HACKED

So you have received a tweet stating that someone following you received a DM with a suspicious link, and you know you never DM’d them.  You can’t get into your FaceBook account anymore, and you see things on it you never typed in.  Now what?

Where you go from here depends on whether or not you can still login yourself to the account…

If you can get into your account still:

  • Immediately verify that the email attached to the account is correct. If not, change it back.
  • Change the password, logout, and then login with the new password.
  • Take a look at the Twitter Connections or FaceBook applications and delete those that are suspicious, or revoke their access.  Remove access for those that you know you don’t need.
  • Consider yourself lucky as you delete the undesirable comments and apologize to everyone.

If you cannot get into your account anymore:

  • Contact customer service immediately with the problem, and be both persistent and forceful about getting them to verify your account information and reset the password for you.  Be prepared to provide any information asked of you to verify your identity…
  • Customer service for Twitter
  • Hacked account service for FaceBook
  • After you get in, immediately verify all personal profile information, all login information, change your password and remove all unauthorized applications.  Then remove undesirable information and let everybody know what happened, to warn them…

I hope that this information helped you somewhat.  Don’t wait until you are hacked like Britney Spears, Guy Kawasaki, Bill O’Reilly, Rick Sanchez (right,) and thousands of others on Twitter and FaceBook to fix things. Here’s a great article by TechCrunch detailing a number of celebs who had some pretty embarrassing things placed in their name by hackers…

Go look now and make the needed adjustments, because I want to keep reading what YOU have to say, not what some Cyberjacker makes you say!  I always knew Rick’s smile had something special behind it…

4 Responses to “Staying Safe in Social Media”

  1. Lynn Johnson Says:

    Finally answers! Where were you last week when my twitter account was hacked. I no longer open anything sent to me by DM. Thanks for all the info! :)

  2. Steve Says:

    LOL sorry I wasn’t there for you last week, Lynn! Contact me whenever you want! ~Steve

  3. Valentine Day Love Says:

    Saw your Blog bookmarked on Reddit. I love your site and marketing strategy. Check out my website if you get a chance, just click on name. Check out my Valentines Day Lingerie Website if you got time – http://tinyurl.com/ycyjopf

  4. Arnold Dimperio Says:

    I wanted to thank you for this great read!! I definitely enjoyed every little bit of it. I have bookmarked your site to check out the latest stuff you post.
