Two recent developments have all but guaranteed Twitter’s successful crossover into the mainstream: First, the popular social networking site — and its bluebird logo — are included in a new Sprint national television ad campaign. Secondly, the network was the target of computer worm attacks apparently launched by a teenager over the Easter weekend.
The latter security-related development buys the white-hot service the kind of publicity it would rather not have, especially as tech media chatter continues to focus on possible mergers/buyouts and potential revenue-generation ideas in the works from Twitter’s founders.
“On a weekend normally reserved for bunnies, a worm took center stage,” Twitter cofounder Biz Stone wrote in a Sunday company blog post. “We are still reviewing all the details, cleaning up, and we remain on alert. Every time we battle an attack, we evaluate our Web coding practices to learn how we can do better to prevent them in the future. We will conduct a full review of the weekend activities.”
The social network fought off a total of four attacks from two separate worms, the first beginning about 2 a.m. PST Saturday morning and the last ending early Monday morning. A 17-year-old, Mike Mooney, has taken credit for writing the worms in an interview with NetNewsDaily; Mooney said he was bored and wanted to draw attention to his own Twitter-like site, StalkDaily, but also claimed to highlight the JavaScript vulnerability that allowed the worm to compromise nearly 200 accounts. Twitter was forced to delete some 10,000 tweets because of the attacks.
Vulnerabilities of Web 2.0
Mooney could face jail time, and Stone hinted at a possible charge in his blog posting. Stone said the attack was similar to the Samy worm that burrowed onto the MySpace social network in 2005. “At that time, MySpace filed a lawsuit against the virus creator, which resulted in a felony charge and sentencing. Twitter takes security very seriously, and we will be following up on all fronts,” Stone stated.
However, the security vulnerability Mooney exploited points to the very nature and appeal of social networks: the ability to share everything — including potential threats — in real time. “This is exactly the type of ongoing security issues that go hand-in-hand with Web 2.0 -style technologies,” Trend Micro threat researcher Paul Ferguson told TechNewsWorld. “We’ve seen this same sort of security issue on Facebook, MySpace, etc. … you allow users to post ‘active content’ — JavaScript, Flash movies, etc. — then they certainly have the ability to misuse the same technologies that make these Web 2.0 Web sites popular.
“In other words, the same underlying mechanics that drive Web 2.0 — Ajax, JavaScript — to provide collaboration, social networking and content-rich features, can also be used for malicious purposes. It’s kind of a tragedy of the commons, if you will,” Ferguson said.
Users can protect themselves by disabling JavaScript in their Web browser’s preferences section. With more and more of these networks also setting up applications such as Facebook Connect for sharing content across preferred networks, companies have a new incentive in sharing the latest threats and solutions.
“In addition to making Twitter stronger and more secure, we will share the information we have learned with our friends at other popular Web-based services so they can make sure they have the right systems in place for dealing with the same kind of malicious activity,” Stone wrote.
The Business Implications
Businesses large and small are slowly building out strategies using Twitter. It and other social networks can help build two-way communication paths with customers; they can allow for monitoring users’ attitudes about products, or those of competitors. News and media organizations are adding Twitter feeds to promote stories or take in breaking news updates from citizen journalists. What happens to all that if Twitter’s security is questioned by corporate IT professionals?
“My gut feeling is that companies are now forced to look at this,” Caroline Dangson, an IDC social media research analyst, told TechNewsWorld. “They weren’t really sure which employees were using it at work. If they weren’t looking at this before, if they weren’t blocking with a firewall, they certainly are now.”
It may encourage companies wary of protecting networks to come up with their own Web 2.0-based tools, which would not bode well for any established social network’s business model, Dangson added.
Advertising isn’t paying all the bills so far for companies like Twitter and Facebook — Twitter is just now flirting with the concept of ads — so other means of generating revenue involving e-commerce and “gifting” could also be impacted if consumer trust issues aren’t addressed, Dangson said.
“It’s getting very complicated in the workspace today. [Employees] are using difference devices, it’s a blend of personal and work. If you try to control that, it’s going to be a huge challenge. And if companies completely block [social networks], then that can cause a huge cultural backlash,” she said.