NEWS FROM THE LAB - Thursday, September 23, 2010

Get the Hackers on Your Side

Posted by Mikko @ 08:00 GMT

New York Times / Mikko Hypponen

Like it or not, Twitter is important. It is not only used for chit-chat, but it has turned out to be the fastest way to get eye-witness reports from people who are on location whenever something happens.

So it feels quite unpleasant when something like yesterday's attacks happens. Suddenly a service we've started to rely on is out of order -- because of some stupid worm? One moment you're catching up with the latest Tweets, and suddenly you've somehow re-sent a viral message to all of your followers.

And the antivirus program you've bought won't help you. No matter how hard you scan your system, there's nothing there. The worm isn't on your computer: it's on some Twitter server farm in some data center somewhere.

This is part of what we call the cloud. Once we start to use cloud services more and more, we also give up the control of our data. If you have your documents on your computer, you can encrypt and secure them. If you store them on a cloud service, you have to hope that someone else does it for you. Same thing with your communication.

Twitter worms are quite different from the more sinister trojans we see attacking the Windows operating system. Most of the Twitter worms are made just for testing, or for fun. Very few try to steal information or to make money. They are created by the same kind of curious tinkerers that 10 years ago would have been writing Internet worms, just to see how quickly they would replicate.

My recommendation? Twitter should establish a bounty for finding major new security vulnerabilities in their system.

Maybe some of these online hackers would be more interested in cashing in than writing yet another system-breaking worm for their amusement.

This op-ed originally appeared in The New York Times.