Would You Believe Anthony Weiner Now?Questioning the Integrity of Social Networking
Imagine this: A lewd picture of Anthony Weiner is sent from his Twitter account, and he claims his account was compromised, and that a hacker sent the image.
Nearly two years ago, the then-U.S. representative from New York denied he sent a photo of his crotch to a Twitter follower, blaming the sexting on a hacker. The truth was that Weiner sent the picture, as he ultimately confessed. Shamed by the incident, and losing the confidence of his constituents and fellow lawmakers, Weiner quit his seat in Congress.
Weiner is contemplating a political comeback, with a possible run for New York City mayor, and he has renewed his Twitter account. What if Weiner's Twitter account is actually hijacked, another explicit photo is sent from it, and he denies he sent the image. Would you believe him?
Would you believe a tweet from the Associated Press that the White House was bombed?
Some people did (as did some automated trading systems programmed to "read" Twitter feeds that automatically sold stock based on the "news" of the White House bombing), resulting in a temporary, 1 percent drop in the Dow Jones Industrial Average. A group called the Syrian Electronic Army claimed it hacked AP's Twitter account and posted the false message that President Obama was injured in a White House bombing [see Social Media Needs 2-Factor Authentication].
It's getting harder to believe what you read on social networking sites. And, the integrity of what's emanating from social networking sites can - and should - be questioned.
Integrity: A Matter of Trust
One of the three core tenets of IT security is integrity (the others being availability and confidentiality). The technical definition of integrity is maintaining and assuring the accuracy and consistency of data over its entire lifecycle. And the truth of information - even the 0s and 1s that make up words and sentences - is another way to view data integrity. Can you trust what comes out of these systems?
As we rely more on social media to reach out to friends, family and business associates, we cannot be assured of the truthfulness of all of the messages posted or received by our friends and connections. I can't count the number of times I received notes from Facebook friends apologizing for inappropriate messages posted by hackers or spammers under their names. Often the out-of-character context of the message reveals it wasn't posted by the friend. But that's not always the case. Is it out of context for the Associated Press to tweet about a bombing? Of course not.
Security researchers estimate that as many as 20 million Twitter accounts on the platform are fakes, and real accounts continue to be "catnip for hackers," the New York Times reports. That doesn't build much confidence in social networking.
Social networks claim they care about their members/customers, but the steps they've taken so far are inadequate, such as the contention, reported by the Times, that Twitter has automatic and manual controls to help identify malicious content on its site.
What can social networks do to build confidence in their integrity? A relatively simple solution is to require multi-factor authentication to log on to accounts. The current process of only requiring username and password is too easy to crack. I just created a new Twitter account, and used an obvious variation of the username as the password, which Twitter accepted.
At the moment, there's no financial benefit for social networks to tighten authentication requirements. And don't look to the U.S. Congress to create regulations to require stronger authentication standards. (The European Union is more regulation friendly, but it's doubtful it would adopt such rules, at least not any time soon.) We're not getting much help from social networks when it comes to the integrity of what we post.
So if a hacker tweets a coarse image from Anthony Weiner's account, the former congressman is on his own in getting the public to believe him.