QF/Qatar Foundation facebook and twitter accounts have been compromised, what could be the technical reasons?
Before getting into this discussion that how this happened, we need to understand what the intention of the hacker is. Hacking website is most difficult than spreading this news on digital media. Nowadays being mind hacker is easier than an actual system hacker and Digital media make this job easier.
The trend is:
Let me give an example because of not to consume more time to find a better or long lasting solution we as an IT go on fast tracks and patch fixes. If hard disk which has all data of the organization from years has bad logical sectors, KHALAS replace it rather to find ways to fix it. Even though if a standalone system’s Hard disk, really it matters. Now let me give you an example if the social media account has been compromised it is a good idea just to disable or delete the account. No, no, not at all.
Debate is: Is this the responsibility leakage from Social media administrator or Information Security or IT Infrastructure
Social Media Administrator:
Let me give you a small example of one of my experience where I was doing investigation of one of my friends’ small company account which was compromised and the result was so amazing. There is no doubt lot of social media administrator comes from business /marketing background. A genius found him luckily on linkedin, sent a friend request and got his email address, and then was his unknown friend for a while then one day he received a fine looking link of an article and that was the day when unluckily he clicked and was compromised not only on FB but on the other accounts as well. So no double that hacker monitor you Administrator from long not from one day.
As I mentioned earlier lot of our social media administrators are from business/marketing background or the organization hire agencies to do the job and again these people from agencies has the same background. We always look for applications which are not trusted where the code has lot of elements which are hosted on external links and here is the point, you can be sure on your developer’s code if they are good in writing secure code or YOU sure? about others NO and facebook will never give you surety of third party codes where it has 83 million of fake profiles and counting or if you are smart enough you will find it but again on User’s end not as secure programmer.
There is no doubt these kind of activities have a biggest role within the IT infrastructure. Using poor systems and not tracking the incoming / outgoing packets is really un-ignorable. Let me give you an example most are the new key loggers/USB has hidden files for key logging or new ways to track user activities. These come under IT Infrastructure and normally are being ignored.
Whatever inputs to your system you are responsible either you belong to Information Security/IT infrastructure/ Social media administrator but it varies from high to low.
In my this article I was trying not to be technical and people can have different idea/observation on this.