05:54 pm - Thursday 28 May 2015

Oman Facebook, Twitter users accounts hacked

By staff - Wed Apr 04, 12:00 pm

Muscat: Several Facebook and Twitter accounts of users are now faced with the problem of online hacking.

Blog sphere is ringing with activists account being hacked for trying to moderate the content posted by them.

Repeated online attacks have been not new to oman. As per Kasper-sky’s latest cyber attack and phishing report, users from Oman is listed as one of the most vulnerable.

Experts advise users to change the password every 3 months, passwords should be alpha numeric, and not to be saved in web browsers. Web browsers which are not updated regularly are also being tapped by hackers for user browsing history and other data which can be used to hack into user accounts.

Facebook also has the feature of recognizing login’s from a different region / country which is not your regular or usual place.

What are your Facebook habits?

Do you check your news feed or post items multiple times per day? Do you have an application on your cell phone? Do you use the messaging component in place of email?

For resident Autumn Geist, Facebook use is almost a necessity, and her online habits reflect her busy lifestyle as a mother, volunteer, and marketer. Through her personal account she acts as administrator of HSO and booster organizations for District 202, non-profits, the Naperville Jazz Festival, Spring Into Safety abduction awareness seminar, and music production company Soulistic 360.

She logs on first thing in the morning, and spends portions of the day posting photos or updates to her personal page, promoting events, and sending messages.

“People don’t use email the same way anymore,” she noted.

She said her connectedness to so many groups likely made her a desireable candidate for hacking. By wiping away her contact information, hackers effectively stole four years of information and connections that Geist built.

“It’s smart because they know you can’t do anything,” she said.

This past Sunday Geist’s daughter informed her that several uncharacteristic photos were being posted to her mother’s wall. While Geist frequently posted photos of her family’s activities, these new images were cars and shoes. Several friend requests she’d left pending had also been accepted.

Geist said she was immediately kicked out when she tried to access her account through Facebook Mobile. Her password had been changed. The hacker (or hackers) switched the order of her name, and removed her email and phone contact information. They also changed her email account password.

What most upset Geist is that a stranger now has access to friends and business connections whose information is not available to the public. It’s also a window to her children’s pages, including her son, who holds a secret account to take advantage of Facebook games.

“It’s like having someone in your house, in your drawers,” she said.

Geist doesn’t recall clicking on anything that may have incited the breach on her account; two days prior she said noticed a pair of gym shoes randomly posted to a cousin’s wall, and made a point not to click through.

While Facebook has a help page for abuses and policy violations, Geist said she’s received no response from Facebook administrators to reinstate her account. To let friends know what happened, she sent a message out through another Facebook user.

While other administrators can post messages to some of the pages she oversees, others, like Spring Into Safety, can’t be accessed at all right now. It’s left her unable to promote upcoming events—or reach out to some acquaintances.

One online security expert says diligent online security practices are the most effective way to prevent hacking.

“With the ever-growing technology population with phones, computers, cameras, there’s just a wealth of information for people to steal from you,” said Downers Grove police officer Robert Jacobs. He also serves as Vice President of Intelex Investigations, a firm based out of Lisle that performs computer forensics and other investigative work. He deals with issues from security to Internet exploitation of children.

He says that in most cases, the victims of hackers are individuals who “want to be more convenient than secure” in their Internet practices, like keeping accounts logged in at all times. However, he emphasized anyone may fall victim. So get to know the security settings of your online accounts. When choosing passwords, Jacobs recommends incorporating both upper and lower case letters, numbers, and symbols.

“I tell people when time change comes to check the smoke detectors, it’s usually a good time to change your password with some of your majorly used accounts. It can never hurt to be too safe.”

He also advises caution with the site’s many add-ons, particularly games.

“I know you want to be involved with your friends, but don’t do any of the games, or give applications access to your account,” Jacobs said. “If you do, make sure it’s a very tight window.”

A recent trend called “click-jacking” allows advertisers access to a user’s account information by creating a fake “like” button.

Geist said she’ll be more selective in the information she posts from now on, particularly with photos.

While Geist acknowledged that hacking is a risk you’re forced to take with participation on social media, she thinks Facebook should have a way to address these situations for businesses that pay the site to advertise.

For those who are looking to promote through Facebook, Jacobs advises looking toward a more obvious platform first.

“For me I would say you’re better off using your own website to promote yourself rather than going through social media,” he said. “You set the security, and generally no one’s going to hack my personal business website.”

A recent report on identity theft suggested that people who aren’t careful with their privacy settings on social media may be putting themselves at risk.

But Facebook, for one, says it offers additional protections to keep its users’ personal information safe. After recent high-profile hacks, like one last year at Universal Music, Facebook says it has taken steps to determine if any of its own users’ credentials may have been affected.

Although the security breaches did not occur at Facebook, people often use the same e-mail and password combinations for various online accounts. So if the information from one account is compromised, it may put other accounts at risk, too.

Sometimes, hackers are seeking to gain attention or to make a point and are not planning to sell the personal credentials they improperly obtained. (Recent attacks by the hacker group Anonymous are a case in point.) In those instances, the hackers may post the pilfered information on file-sharing sites, as proof of what they’ve done. In such cases, Facebook can obtain the information and compare it with its own records.

Facebook’s security team seeks out the hacked information and cross-checks it with credentials used by its members. “We try and monitor those channels proactively,” said Matt Jones, an engineer on Facebook’s site integrity team.

If a match is found between hacked credentials and those used for Facebook accounts, Facebook can lock out the affected accounts. Then, the next time the users log in, they are notified that because their information was compromised elsewhere, they must go through additional steps to verify their identity and must change their log-in credentials.

Facebook has obtained roughly five million credentials — typically, e-mail and password combinations — from publicly posted hacks and cross-checked them against Facebook accounts, said a company spokesman, Fred Wolens. He said he couldn’t provide statistics on how often a match had been found.

Mr. Jones noted that cross-checking hacked information is an extra, “aggressive” step that Facebook takes, in addition to security measures it routinely uses to verify users when they log into their accounts.

Have you ever been notified by Facebook that you must change your log-in or password?

Leave a Reply