Hijacking Celebrity Tweets Made Easy

Mar. 6, 2017  |  By Yacin Nadji

A simple trick discussed by Belgian security researcher Inti De Ceukelaire shows how to "hijack" tweets without taking over the account. The trick works by abusing expired domains. Essentially, you find a tweet that contains a URL whose domain name has expired. By registering this domain, you can now alter what the original tweet links to. A simple trick, but one that seems widespread enough to provoke some laughs. Of the top 1000 Twitter accounts, he discovered 109 domains available for registration.
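As an added illustration (not from the article or from the researcher's own work), the Python script below is the kind of audit an account owner could run over their own tweet archive to find links whose domains no longer resolve. The sample tweets, the small public-suffix list and the injectable resolver are constructed assumptions.

```python
import re
import socket
from urllib.parse import urlsplit

# Constructed sample: a few entries from a hypothetical tweet archive.
SAMPLE_TWEETS = [
    "Our 2014 report is live: https://Reports.Example-Corp.com/q3?utm=tw",
    "Great write-up over at http://old-partner-blog.example.co.uk/post/12",
    "Same link again http://reports.example-corp.com:443/q4",
    "No link here, just a status update.",
]

# Assumption: a tiny stand-in for a real public-suffix list.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}

URL_RE = re.compile(r"""https?://[^\s<>"')]+""", re.IGNORECASE)

def registrable_domain(url):
    """Lowercase registrable domain of a URL (e.g. example.co.uk), or None."""
    host = urlsplit(url).hostname
    if not host:
        return None
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def extract_domains(tweets):
    """Unique registrable domains linked from the tweets, in first-seen order."""
    seen = []
    for text in tweets:
        for url in URL_RE.findall(text):
            dom = registrable_domain(url)
            if dom and dom not in seen:
                seen.append(dom)
    return seen

def dns_resolves(domain):
    """Default check (needs network): does the bare domain resolve at all?"""
    try:
        socket.getaddrinfo(domain, None)
        return True
    except socket.gaierror:
        return False

def find_dangling(tweets, resolves=dns_resolves):
    """Linked domains that fail the resolver check; the resolver is injectable
    so the audit can be run offline against a recorded snapshot."""
    return [d for d in extract_domains(tweets) if not resolves(d)]
```

A domain that fails to resolve is a lead to confirm against WHOIS/RDAP expiry data, not proof that it has lapsed; broken nameservers produce the same symptom.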

IISP Analyst Yacin Nadji: "The hijacks described in the article center on an issue our lab has investigated in detail, and which centers on a domain's residual trust. Domains expire every day, but anyone can register these and maintain whatever reputation the previous domain and its owner had. For example, we identified cases of malware authors re-registering expired, benign domains to fool blacklists and reputation systems. This may seem to be an isolated case, but the problem is deeper than that. For example, if a bank closes, should its domain be carelessly tossed back into the domain pool to be abused by a financial fraudster? We don't think so, and our paper demonstrates how to find these re-registrations at scale. We also suggest that domains belonging to critical infrastructure such as finance, government, and utilities not return to the general pool after expiration, to prevent future instances of residual trust abuse."
