China could be behind Twitter password reset

Twitter sent notices of an attempted hacking to China-based foreign journalists and analysts just hours before apologizing for resetting the passwords of more users than necessary in a recent break-in of accounts.

The Voice of America reported Thursday that the emailed warnings did not say who was behind the hacking attempts. Chinese Internet users have had difficulty in accessing foreign websites and using virtual private networks (VPN) to avoid government censorship, the U.S.-funded VOA said.

Twitter routinely sends warnings when it believes a person's account has been hacked. The microblogging site then forces the person to reset his password. On Thursday, the company apologized for resetting more passwords than necessary to protect users from a recent hacking.

"In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised," Twitter said in a tweet. "We apologize for any inconvenience or confusion this may have caused."

Twitter, which did not respond to a request for comment, has provided no details on the hacking. However, VOA reported that journalists and analysts have been expecting a censorship crackdown as China's Communist Party begins meetings to set in motion a leadership change.

David Bandurski, head of the China Media Project in Hong Kong, told VOA he received a warning that his Twitter account had been hacked just as he was tweeting about Chinese President Hu Jintao's speech at the 18th Party Congress.

"I had someone else, a programmer, look at it and say that's a legit message from Twitter," Bandurski told VOA. "Beyond that I don't know what that means or who could be behind it. I have my guesses that I won't hazard, but I'm not sure what to say other than that it's an annoyance."

Contacted by email, Bandurski declined to provide more details. "I've been very careful to explain to reporters that I'm not speculating about what happened, that they need to find out from Twitter," he said.

Prolexic, a security vendor specializing in distributed denial of service (DDoS) attacks, said it had not seen any significant changes in activity out of China. "It has maintained its position as one of the top three countries originating DDoS traffic over the last 2 quarters," a spokesman said.

Hackers with stolen user names and passwords will hijack Twitter accounts to distribute links that send users to malicious websites. Cybercriminals are also opening accounts to tweet commands to malware controlling compromised PCs, McAfee reported recently in its second quarter Threats Report.

Overall, four in 10 social network users have been victims of cybercrime on the platforms, according to Symantec's 2012 Norton Cybercrime Report. In addition, one in six reported that someone had hacked into their profile and pretended to be them.

A U.S. commission has fingered China as the biggest cyberthreat, due to relentless attacks against U.S. military systems and defense contractors. The U.S.-China Economic and Security Review Commission is scheduled to release its findings to Congress next month.
