Las Vegas Expert in Search Engine Optimization & Search Engine Marketing

GoDaddy is sometimes hard to take seriously; its marketing department seems to be run by the same bunch of teenage boys in charge of Axe commercials.  But GoDaddy is still the world's largest domain registrar, and it's poised to help Twitter with a new step in its registration process.

GoDaddy seems to have made the assumption that anyone wanting to create a website will also want to establish a presence on Twitter.  Adam Ostrow reports that it's actually "integrated Twitter registration into its domain manager, allowing you to see if the Twitter username that matches your URL is available, and if so, register it."

This says a great deal about how important Twitter has become to the people at GoDaddy (and indeed, you can find GoDaddyDeals, GoDaddyJobs, and GoDaddyGuy Twitter accounts, with that last one being rather popular and putting out about ten tweets per day). 

It says something about what GoDaddy thinks its customers want, too.

And since every single GoDaddy customer probably hasn't been switching back and forth between the domain registrar and Twitter while trying to name a company, this development may introduce Twitter to a lot of new people.

There has been more than one story in the news recently about Twitter accounts being hijacked. The most recent examples of note include the accounts of Britney Spears and famed blogger/entrepreneur Guy Kawasaki. These issues have highlighted some potential dangers of using the service, or really social networks in general. Have you encountered security issues with Twitter or other social networks? Share with WebProNews readers.

Amit Klein, CTO of Trusteer, a security firm, who counts the nation's largest direct bank, ING Direct, among its customers, feels that Twitter account hijacking is an issue that more people need to be aware of. WebProNews asked Klein a few questions about it, and the following is the resulting Q&A session.

WebProNews: Please talk a little bit about what is happening when Twitter (and other social network) accounts are hijacked.

Amit Klein: Typically, criminals hijack Twitter accounts in order to spread malware. That is, they abuse the hijacked accounts to post messages to all the "followers", with a link to a site that serves malware. In the Guy Kawasaki incident, for example (not a classic account hijacking, but still a malware spreading campaign), of the 139,000 followers, it is estimated that hundreds got infected. Earlier this year, accounts of 33 celebrities (among them Barack Obama - 1.6 million followers, and Britney Spears - 2.1 million followers) were hijacked.

WPN: How big of a problem is hijacking of Twitter (or other social network) accounts?

AK: This is quite bad, since a twitter account enables one to send malware links and plain spam to all followers. Of course - the more followers, the more widespread the attack is.

WPN: How common is it?

AK: Over the last 10 days, we've seen two high profile incidents, in which an account was abused to serve spam and malware. One is the Guy Kawasaki incident, and another is Britney Spears.

WPN: Has it been limited to "high profile" accounts, or is it becoming common for regular users as well?

AK: Obviously the media covers only the high profile attacks (celebrities, politicians, etc.). We believe that attacks against more average accounts are also taking place - quite possibly via mass production utilities.

WPN: What are the dangers that come with it?

AK: The most obvious danger is that a hijacked account can be used to serve malware and spam automatically to all a user's followers. An account can be hijacked a long time before it is abused. Attackers usually wait for the right opportunity to hit as many users as possible.

While twitter is currently used to spread malware, it's a perfect platform to commit fraud as well. Followers trust the messages that come from the person they follow, while in reality the message could be spam trying to convince followers to fall to a scam. A very simple example would be a request to donate a small amount of money to charity (for example to support the situation in Iran). The link would go to a fraudulent website that records credit card numbers. A high profile account that sends such a message could result in hundreds of thousands of compromised credit cards.

Another example is false rumors about companies and stock, which could result in pump and dump attacks.

WPN: What can users do to protect their accounts?

AK: To secure their Twitter presence, users needs to take several actions:

1. Protect their twitter credentials - users need to be vigilant and keep on the look out for Twitter phishing attacks, and pharming (DNS poisoning) attacks. Users can install client side security tools that ensure they are only providing their Twitter credentials to the genuine twitter website. In doing so, they will protect their credentials against keyloggers or malicious browser plug-ins ("man in the browser" attacks).

2. Control and protect their twitter information. As tempting and convenient as it may be, using 3rd party applications and services that enhance Twitter may increase the exposure of users to abuse. Every website which is allowed to automatically post to a user's Twitter account adds attack surface that criminals may exploit.

WPN: Please feel free to discuss anything else related to the subject that you feel people should know.

AK: Somewhat akin to phishing, is a practice called "twitter-squatting", wherein names of people/organizations are registered by fraudsters (or sometimes pranksters). It makes a lot of sense to monitor for such registrations, or better yet, to register brand names and individual names as early as possible to thwart such attacks.

Another threat associated with Twitter is abusing "Trending Topics" to serve malware. The attack involves sending many tweets (with malicious links) with some special keyword in them, so that this keyword will show up as a trend in the "Trending Topics" list at twitter.com. A user that views a sample tweet for this keyword and clicks on the malicious link will be served malware.

Both examples show how well established web attacks carry over into the twittersphere. Cyber squatting is a well-known practice on the web, which is now occurring in Twitter. Likewise, search engine poisoning is a common practice on the web, and now in Twitter also.

Security-wise, Twitter should be treated both as an individual website with its own potential security issues, and as a microcosm into which many existing web attacks can be mapped. This makes securing Twitter harder than protecting typical websites.

Wrapping up

WebProNews would like to thank Amit for sharing the above insight into Twitter security issues. Has your Twitter account ever been hijacked? Have you been a victim of Twitter abuse of any kind? Tell us about it.

Twitter has started linking hashtags in tweets to Twitter searches. A few other Twitterers have started to notice as well:


The move makes sense, considering that the hashtag phenomenon has reach tremendous popularity. They often appear in the trending topics.

The move also illustrates a greater emphasis being placed on Twitter Search, which only this year has become a focus of the company. It wasn't that long ago that it was added to the Twitter home page, and it is already sparking big interest in real-time search throughout the entire search industry.

What would you say if a company asked you if you’d like to have all of your home, work and cell phone calls, all your text messages, all your conference calls, all your voicemail -- pretty much anything you say or type into a phone -- ALL of it -- go thru their 3rd party service? You, like me, would probably say; Thanks but no thanks.

More WebProNews Videos

But wait. What if they were going to give you a bunch of really cool features and capabilities in the process?  For free? Oh, and what if the company were Google?  Now you might be saying; Oh yeah?  Well... what kind of cool features?  I would.

Google Voice is the new ‘Coolest Thing Ever’ coming out of Google.  Basically, what they are doing is allowing you to centralize your multiple phone numbers (work/home/cell etc).  In the process they have come up with all kinds of handy tools and features that give endusers more control over their telecom than they have ever had before.

Essentially, here’s how it goes down.  You get a new Google assigned phone number.  Then, you route all of your other phone numbers thru that number.  So, your office phone, your work phone, your home phone - whatever. Google voice will allow your calls to selectively ring thru to any of the destination handsets you choose.  It really is a handy idea in concept.

Beyond that, Voice adds all kinds of cool little bonus features for example:

- You can selectively ring calls thru to multiple destinations.
- You can selectively block and screen calls
- You can send, receive forward and store SMS text messages
- Check your voicemail online, read it via email or text (you can even forward it)
- You can create personalized voicemail messages per contact
- You can group your contacts and manage their preferences on a group level
- Conference calling, call recording, call switching, 411 info -- all that kind of thing is in there.


Now, rephrase my original question and substitute Google for ‘a company’. Do you still flatly refuse? I’m thinking a lot of people will just say “Oh, it’s Google” and after that, “Well sure, that sounds fantastic! Wow. Man, Google is cool aren’t they?” So, my question is:  why is that?

Yes, Google Voice is cool.  Yes, I have signed up. Yes, I realize using it means everything I use it for becomes more data for Google to ‘organize’.  But I might do it anyway and I won’t be alone.

The way I see it, Google Voice users will be made up of three groups of people:
Group 1: Realize how much data the service gives Google access to, but trusts Google enough that it isn’t a concern.  These folks also elected Obama and only eat tuna clearly labeled dolphin safe. 

Group 2: Realize the data issue but don’t care, because they realize their ‘data’ is all over the place anyway - Google might as well have some (more) too. These are also the  people who told their classmates about Santa in the 3rd grade.

Group 3: No idea or thought paid to the matter of their data and who sees it. This the reality TV set.  As long as the Bachelorette is still on Monday night... they’re good to go.

Add those guys up and Google Voice will do just fine.  Even some of the people that refuse to use over privacy issues will trickle in after a while.  Peer pressure and the whole, ‘man I wish my phone did that’ factor is not to be lightly discounted (just ask Apple).

Google Voice does lots of neat stuff...  Sure you give up a little in the way of data privacy, but hey... selective call block?  How cool is that? I can go to the lake and have my office line ring to my cell?  Well that certainly has it’s practical applications.  We are, most of us, used to trading a little bad for a little good. So what’s it going to be for you? Are you Pro or Con on the Google Voice thing?  If you are, which of my groups do you fit into, or are you a group unto your own?