Attacks/Breaches
6/6/2014
03:30 PM
Connect Directly
RSS
E-Mail
50%
50%

TweetDeck Scammers Steal Twitter IDs Via OAuth

Users who give up their TweetDeck ID are promised 20 followers for free or 100 to 5,000 new followers a day for five days.

Scammers are abusing Twitter's TweetDeck tool as part of a scheme that has roped in thousands of Twitter users, according to Bitdefender.

The scammers, believed to be from Turkey, are profiting from users' desire to increase their Twitter following. In the past month, the scammers have registered dozens of sites dedicated to the scheme and promoted them through Twitter Trends.

On the site, the scammers ask the victims for a Twitter username and lure them with an offer to purchase new followers or get them for free. Those who click on the free option get 20 followers immediately. Those who pay the premium are promised 100 to 5,000 new followers a day for five days. To get the new followers, users must authorize the TweetDeck. In the process, the scammers make off with the users' authentication tokens and receive TweetDeck's permissions without the users' knowledge.

Bitdefender online threats researcher Andrei Serbanoiu says the scammers are using an old trick to abuse the Twitter OAuth standard in the application programming interface.

"OAuth is practically an authentication protocol that allows users to approve apps to act on their behalf without sharing their password," he says. With follower schemes, scammers hijack tokens by abusing this protocol that authenticates Twitter's legitimate app TweetDeck. Researchers have been issuing warnings for a while about this ability to craft special links that may open Twitter app authorization pages for legitimate apps.

"When hijacked, these requests specify the attacker's server as a callback URL, redirecting Twitter access tokens to the attackers' command and control center," Serbanoiu says. "Tokens may be as valuable as passwords and may be used to add Twitter clients to follower bots. Scammers may also post on their behalf, follow other accounts, and even read and send private messages."

Unlike other follower scams, this scheme actually does deliver additional followers -- something that has become a bit of a business. According to researchers at Barracuda Labs, the price for buying Twitter followers has dropped to $8 per 1,000 followers.

"One thing we have noticed is that fake Twitter accounts are better at disguising themselves to look more like real accounts," says Dr. Jason Ding, research scientist at Barracuda Labs. "They have begun to engage in conversations, retweet, comment, and favorite tweets in order to look like a real account. Additionally, we have seen the prices for fake Instagram followers and Facebook likes drop more than 30% in the last six months. We believe this indicated that the owners of these fake followers may have found some effective ways to easily create lots of fake followers and likes on these platforms."

To reduce the number of hijacked accounts, Serbanoiu says, Twitter has implemented two-factor authentication and started to educate the public better. "As other social media platforms, they try to cope with security issues on a regular basis. However, cyber criminals have a prosperous business to keep, so they continue to create new scams as fast as they are taken down."

Bitdefender advises users who were tricked in the scam to uninstall TweetDeck and reauthorize it, and run a security scan to check for malware on any devices they used to log into Twitter.

Brian Prince is a freelance writer for a number of IT security-focused publications. Prior to becoming a freelance reporter, he worked at eWEEK for five years covering not only security, but also a variety of other subjects in the tech industry. Before that, he worked as a ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
6/9/2014 | 11:29:54 AM
Re: onliune jobs
@gev  We're keeping an eye on that, but if you ever see spammers feel free to drop us a line to point them out.
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
6/9/2014 | 11:28:16 AM
Can't help myself...
Okay I know this is tangential, but I can't help but make a small gripe about how silly the marketing industry is getting. Advertisers are more likely to buy ads/sponsorships if a company has a bunch of Twitter followers, even if the company simply buys a bunch of "followers" that might not even be real people or people who are legitimately interested in the brand. 

A scam like this is easy because it feeds on this foolishness.
gev
50%
50%
gev,
User Rank: Moderator
6/9/2014 | 9:34:49 AM
Re: onliune jobs
While you highlight Tweeter security problems, scammers are posting their spam messages right here.

I have seen a lot of these spam posts on zdnet, but this site is about security, and yet the same spam messages appear here, at the dark reading :-(

Physician, heal thyself !
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
6/6/2014 | 5:26:29 PM
Valid vs Scam Tweet Deck users
How are we to discern between valid and scam tweetdeck requests? I am not as familiar with twitter. Or is tweetdeck in general the vulnerability? Either way, resintalling tweetdeck is definitely a good idea since it uses dual factor authentication even if you have not been exploited.
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-0334
Published: 2014-10-31
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2014-2334
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2335
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2336
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.

CVE-2014-3366
Published: 2014-10-31
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.