'Twitterjacking' -- Identity Theft in 140 Characters or Less

By

Published May 01, 2009

| FoxNews.com

Here's a message that aspiring Twitterati shouldn't miss.

Read those 140-character "tweets" carefully; they may be the work of an imposter.

Celebrities, athletes, politicians and media personalities alike have been flocking to the hugely popular social networking site in droves, with actor Ashton Kutcher leading the way and media magnate Oprah Winfrey recently joining the fray.

But how can you be sure that the Twitter account you're reading is actually real? How do you know that Condi really just saw John Ashcroft in Sharper Image ... or that Bill Gates really wishes you a happy Earth Day?

• Click here for FOXNews.com's Personal Technology Center.

• Got tech questions? Ask our experts at FoxNews.com's Tech Q&A.

In some cases, you can't. It's becoming increasingly difficult to tell the real thing from a social identity thief, experts tell FOXNews.com.

"It's easy to do, there's no identity verification," former hacking whiz Kevin Mitnick said of the ease of registering accounts at sites like Twitter. "Anyone could set up an e-mail account, change a letter or two and then pretend to be you. Imagine someone influential setting up a Facebook page and asking for resumes. It could be a headhunter who is impersonating a CEO."

Ironically, Mitnick, who served nearly five years in prison for hacking into computer networks without authorization in the 1990s, couldn't access his own Facebook account last month due to identity questions.

"[Administrators] thought I was an impersonator and for some reason disabled my account," said Mitnick, who know heads Mitnick Security Consulting. "It didn't bother me. People can impersonate me, but what are they going to get? And what am I going to do about it?"

Mitnick eventually got his account restored, but other victims of online imposters may not even be aware that they've been "twitterjacked."

Twitter representatives did not respond to requests for comment, including queries as to how many profiles have been shut down for violations of its impersonation policy.

While Twitter allows parody impersonations if a "reasonable person" would be aware that it's a joke, sometimes the line can be blurry.

For instance, at first glance, a profile for Tina Fey could be mistaken for the real deal, but a closer read suggests it's definitely not.

That's also the case for Christopher Walken, Condoleezza Rice, Bill Gates, Usama bin Laden and Pulitzer Prize-winning composer Steve Reich.

Politicians haven't been immune either. Rep. Don Young, R-AK, has also been "twitterjacked," according to spokeswoman Meredith Kenny.

"The messages posted seem to be the work of someone with a little too much free time on their hands," said Kenny, who called the tweets "preposterous and outrageous."

Kenny said one of the posts, which began on Monday, falsely indicated that Rep. Michelle Bachmann, R-MN, was preparing to introduce impeachment measures against President Obama.

At FOX News, at least three on-air personalities appear to be victims of "twitterjacking," including Shepard Smith, Bill O'Reilly and Geraldo Rivera. (The "real" Twitter profile for "The O'Reilly Factor" can be found here.)

Moreover, a fake profile for Jesse Watters, a producer for "The O'Reilly Factor," was also recently debunked and has been removed.

Security and social media experts told FOXNews.com that the ramifications of phony profiles can be serious.

"Let's say it was an up-and-coming artist or someone like Britney Spears who has a lot of public appearances and they 'tweet' that the Dallas concert is canceled, 'sorry folks,'" said Robert Hansen, president of SecTheory, a security consulting firm.

"That can really drag someone through the mud. Or Tom Hanks could say he's cancelling the red carpet appearance and drag an entire event down."

Rick Sorkin, a strategist for enter: new media, a New York-based social media marketing firm, said impersonating an individual or brand fundamentally opposes the very idea behind social networking.

"It makes it difficult for the brand to actually represent themselves if someone else twitterjacks their name and likeness and it is similar to someone registering a Web address that's not their brand," Sorkin said. "The most damaging thing is that Twitter is the most organic and transparent form of communication available. Communicating falsely is diametrically opposed to the concept of Twitter."

Sorkin said he recognizes the humor behind parody profiles of people including Notorious B.I.G. and Homer Simpson, but he said duping users with bogus "tweets" is no laughing matter.

"Any brand worth their salt in social media is on the lookout for this," he said.

So what can you do once you've become a victim of social identity theft?

Twitter advises impersonation victims to contact its Terms of Service group. But depending on how quickly the profile in question is caught, it may be too late, experts say.

"The obvious thing is registering yourself first and beat people to it," Hansen said. "But as far as the actual act and you're an up-and-coming artist after the fact, there's really very little recourse other than saying to people that this is not me. You sort of have to have another way to explain that that is not indeed you, and that can be tricky."

Enter Knowem.com, which checks the availability of your brand name or name on 120 popular social media sites. Michael Streko, the company's co-founder, said up to 20,000 people per month are currently checking its site for phonies.

"Since a bunch of celebrity names have been twitterjacked, our hits have been through the roof," Streko told FOXNews.com. "They're jumping on it now because they don't want to deal with a squatter. Unless you start spending money to put out press releases saying that's not your profile or jump through hoops to contact Twitter, it never works out well."

URL

http://www.foxnews.com/story/2009/05/01/twitterjacking-identity-theft-in-140-characters-or-less