The rule of trust and how my twitter account has been hacked

0 Flares Twitter 0 Facebook 0 LinkedIn 0 Buffer 0 Email -- Filament.io 0 Flares ×

Do you remember that stickers in the 70’ “Shit, Happens”? Well if you combine this with “Idiot,Idiot,Idiot!” you got a clear idea of how I felt when I’ve started to receive from my twitter friends messages like “hey dude seems you’ve been hacked”. So, first of all, sorry everybody for the spam and thanks for the support.

But you’ know we’re all geeks here and so the question is “what happened?”Let start from the beginning:

I’ve received a tweet similar to this:

“rofl…omg i am laughing so hard at this picture of you someone found http://t.co/ROEGZLR

Okay it was obviously an malicious tweet and even not so sophisticated, let say it just miss the sentence “hey dude I’m an amateur hacking trick would click on me?” and please stop laughing at my stupidity please, I see you buddies!!!!Basically the trick was to click on the t.co link, land on a fake API twitter page who require you to re-login and generate an, even, more fake login error.

I’ll not go deep into the code stuff and how this could be done, everybody here for sure can figure it out (do you remember the concept of POST and GET in a HTML page don’t you?).

My point is different and is : Why I’ve clicked on that link? 

Point 1:

Trust is based on value similarity, and confidence is based on performance…judging similarity between an observer’s currently active values and the values attributed to others determines social trust. Thus, the basis for trust is a judgment that the person to be trusted would act as the trusting person would. Interpretation of the other’s performance influences confidence.

"From:Test of a Trust and Confidence Model in the Applied Context of Electormagnetic Field (EMF) Risks. – Michael Siegrist, Timothy C. Earle and Heinz Gutescher http://www.mobile-research.ethz.ch/var/pub_siegrist_pref4.pdf)”

Let me explain it with a simple formula:

yT= You trust yourself 10 on a 1 to 10 scale

ylT=Your level of Trust, the number that you consider acceptable to trust someone.

lT=Level of Trust

lC=Level of Confidence: determinate on a the same scale above and valued on the basis of the “knowledge” you have of the other party. Is a scale from 1 to 10 where 10 is an excellent lC

lS=Level of Security: you value to the other party based on the actual performance when act toward you (number of days,months, years you know each other, way he/she act toward you,way he/she act toward strangers). Is a scale of 1 to 10 where 10 is an excellent lS.

pR=Potential Risk: based on way the person you just “meet” seems or act related to your perception of risk. is a scale from 10 to 1 (where 10 is an high risk)

so when you “meet” a person you attribute to him/her a value like:

lT=(lC+lS)-pR

Now based on this simple formula you act differently based on the following formula:

ylT=yT- lT of Y 

Where Y is the person we’re facing.

Point 2:

Would you click on a link I’ve just tweeted you? At this point I’m sure you’re still think “no dude you’re the stupid one remember? Let me share another great article extract:

In our world of information overload and global connectivity leveraged through theWeb and other types of
media, social trust (McKnight and Chervany, 1996) between individuals becomes an invaluable and precious
good. Hereby, trust exerts an enormous impact on decisions whether to believe or disbelieve information asserted by other peers. Belief should only be accorded to
statements from people we deem trustworthy.

“From:Propagation Models for Trust and Distrust in Social Networks -Cai-Nicolas Ziegler and Georg Lausen (http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=926814)”

We never met, at least with most of you, you do not either know my face, on twitter I have an avatar as many of you and so, if you meet me on the street, you are not able to recognize me, but, most of you, trust me.

On the scale at the point 1 I’ve started at 2 or at 5 for most of you and when I was hacked yesterday that value fallen down of a couple of point, but now you’re reading this article and for some of you I am climbing again the scale.

Trust is a wave we ride everyday, we’re the surfers and our peers are the wave, we simply ride them and act based on how good they let us surf the wave in a confident way. Let me again use and example, this time visual to explain my point of you:

lT

Image:Level of Trust and Confidence

Point 3: We live, all of us, in a globalized world where we are overloaded by information and we “virtually” meet people everyday through social networks, intranet chat systems, conference calls etcetera.. We are, and I am one trust me (LOL), trained and accustomed to live with an high level of security, we got complex password, we change them often and we are always “on alert” in order to not disclosure relevant information’s to others but in this “global-socialized” world we live sometimes we forget the rule at Point 1 and 2 too easily. You’ll say “what? nah not me…” let me do a final example:

Y tweet you with a fake tweet.

Y is a Friend, Collegue, Mutual Follower

Y is well-known person in the Internet realm

Y always act in safe and secure way and follow the “simple rule of security”.

how much you would rate Y in your vlT?

Still unconviced uh? final point:

Y do not live in your same country so it is obvious that Y communicate with you in english or, in any other language you use.

Due the confidence you have with Y both often exchange jokes and funny tweet.

now would you still think I’m stupid and you wouldn’t click that fake tweet?

Shit happens and security does not exist since we’re human and so we’re designed for FAIL.

Topics

Archives