12:34 PM
Connect Directly
Repost This

Ashton Kutcher's Twitter Account 'Punk'd' With SSL Taunt

'Dude, where's my SSL?'

Actor Ashton Kutcher's more than 6.4 million Twitter followers yesterday got a firsthand look at what can happen when your Twitter account gets hijacked -- and by a security activist who wanted to make a point:

"Ashton, you've been Punk'd. This account is not secure. Dude, where's my SSL?"

Kutcher, who is among the glitterati this week attending the TED (Technology Entertainment and Design) Conference in Long Beach, Calif. -- which includes big-name speakers such as Bill Gates; Bill Ford, CEO of Ford Motor Co.; and, from the security industry, security consultant Ralph Langner, best-known for his analysis of Stuxnet -- appears to have fallen victim to a cookie-jacking incident.

A second tweet posted on the hijacked account said: "P.S. This is for those young protesters around the world who deserve not to have their Facebook & Twitter accounts hacked like this. #SSL"

The culprit didn't reveal his method of capturing Kutcher's account credentials and cookies, but security experts say it was most likely via an unsecured WiFi session. Some experts were speculating that the attacker could have used the Firesheep tool, a free plug-in for Firefox that makes it possible for anyone to easily hijack a WiFi user's unencrypted Twitter, Facebook, or other unsecured account session. Firesheep basically gives the user a name and photo of the unsecured accounts on the WiFi network, the attacker double-clicks on the victim, and then is logged in as that user.

"There are lots of ways to capture credentials," says Dave Marcus, director of McAfee Labs security research communications. "[This attacker] captured the cookie ... and did what he wanted to do with it. It's about capturing the cookies and replaying them."

As of this posting, Kutcher's hijacked account still displayed the attacker's tweets.

The underlying problem, of course, is that most websites are not SSL-secured. Twitter's SSL site is an option and not the default version. Aside from using a VPN connection or a proxy -- neither of which is practical for many consumers -- there's the Firefox add-on called Force-TLS, which automatically directs you to the SSL version of a site if one exists.

Meanwhile, Twitter's global PR Twitter account posted this tweet yesterday: "Users can use Twitter via HTTPS: We've long been working on offering HTTPS as a user setting & will share more soon."

As for the Kutcher account hijacking, Marcus says it could happen to anyone. "Anyone's cookies can be captured," he says. "I'd be interested if the person who did it was purposely trying to capture his credentials or just anyone's" and got his by chance, he says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Senior Editor at She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web