Russian hackers were able to get into the computer of a Pentagon official using a link attached to a Twitter post.
According to a report in The New York Times, the post, which was pushed by a robot account, touted a family friendly vacation package for the upcoming summer, something many people would be tricked into clicking on. But the link wasn’t for a vacation — it was a virus.
The report noted the fact that it was part of a tweet is creating a problem for companies, government agencies and consumers, who are trained to be suspicious of links in email but aren’t trained to be so skeptical of things on social media. It also opens a new kind of attack for hackers going after what people rightly or wrongly trust most: social media.
The New York Times reported Pentagon officials are growing more concerned that state-backed hackers are using social media sites, such as Twitter and Facebook, to break into the computer networks of the Defense Department. What’s more, they say the human error that results in people clicking on links sent to them via email is exponentially greater on social media sites, because people think they are among friends and therefore nothing bad will happen.
If a person is compromised on social media, the attack can then move quickly through that person’s friend network, which could result in entire departments — say, at the Pentagon — being targeted. The paper noted training to spot scams on social media remains limited at the Defense Department.
An official, who was unnamed in the report, likened the social media training to warning an entire department to be wary of anything that is sent, even if it looks like it is coming from a family member or a friend. With hacking attacks growing, the Defense Department is bracing for more compromises.