Hackers don’t just look for vulnerability, they prey on trust. When Twitter introduced the 140 character limit, it gave rise to new businesses – URL shorteners like bit.ly, which would convert those long URL’s into short 10-12 character links. URL shorteners work by acting as redirection points. They take a link, provide a unique id, and process it through their servers to point it to the original page. It became the easiest way to share interesting articles with friends and followers. The problem was that you no longer knew what you were clicking on because the original was masked.
Both vulnerability and trust need to work in tandem for hackers to succeed. Phishing scams where people unwittingly allowed their bank accounts to be drained happened because they trusted communication that seemed to originate from the bank. It’s an established trust network – ripe for exploitation. The same is now true of Twitter – millions of trusted tweets and all that needs to be done is to insert a link to malware somewhere in the stream. In this case, the link pointed to fake anti-virus software. Hackers have to use ingenuity, not just to code the virus but to foil its detection and enhance its spread.
The bait used exploits the most common human weaknesses. Like the one years ago, where people got ‘I Love You’ messages in their email. How many can resist that one, especially when it comes from an unknown source? Or even a known one, where the hackers got into mailboxes and then sent out requests for money to everyone in the address book. It takes years to build a trust network. And a handful of deviants can undermine that trust forever.