Christopher Pyne’s Twitter headache has once again laid bare the perils of social media for people in positions of power. The Defence Industry Minister accuses hackers of hijacking his official Twitter account and blames them for the “like” on an explicit gay porn tweet. However, that claim in itself raises some red flags.
For a senior cabinet member, especially one in charge of the defence industry, to have his Twitter account compromised shows a glaring lack of knowledge about staying secure on social media. If the account was indeed hacked then it shouldn’t have happened so easily, says Nigel Phair from the University of Canberra’s Centre for Internet Safety.
“What makes it worse is how dismissive (Pyne) was about the thing in his tweets, saying that he was asleep at 2am when it happened, making it out as if it wasn’t his fault,” Phair told The Australian. “It was quite a throwaway remark.”
A Twitter account, like most things on the internet, is relatively simple to hack. More often than not, the number one culprit is an easy-to-guess password, combined with our tendency to reuse it across multiple services.
An investigation into the alleged hack will reveal the password Pyne and his staffers have been using to access the account. It’s unlikely to be a robust one. Passwords are routinely stolen using phishing attacks, where a user opens a malicious email or attachment. Hackers then use the stolen passwords to target accounts. They also rely on sophisticated code breakers to crack passwords.
In fact, passwords by themselves are no longer sufficient to stay safe on the internet.
Security experts point to two-factor authentication (2FA) as a default deterrent.
The technology, now offered by most internet platforms, requires the account holder to type in a code that’s different every time they log in. The code is usually sent to the user by SMS or generated by a special app on the user’s phone.
Twitter introduced 2FA in 2013 but it’s unclear whether Pyne and his staffers were using the technology. Two-factor authentication is being increasingly used in corporate circles but its use in public agencies remains limited.
Labor and Australian Conservatives senator Cory Bernardi have called for an investigation but there’s no word on whether the Australian Signals Directorate or the special adviser to the Prime Minister on cyber security, Alastair MacGibbon, will be brought in for the job.
And whether the hacker can be caught is doubtful.
Phair says this should be a wake-up call for Canberra and the Turnbull government, which has been banging the cybersecurity drum rather loudly over the past year.
“They need to learn the absolute basics of information security,” Phair says. “They have a greater responsibility as an elected politician. There are no briefings given to politicians with regards to their personal social media accounts. It’s not so much about the tweet; it’s the fact that an account of a senior politician can be so easily compromised.”