On Wednesday Aston Kutcher sat in the audience at the technology and ideas conference TED unsuspectingly tweeting his reactions (“wow”) to the events on stage. Someone was about to make an example of the star and show how easy it can be to hack into a personal Twitter account.
Kutcher’s next message read, for all the world to see, “Ashton, you’ve been Punk’d. This account is not secure. Dude, where’s my SSL?” Someone, likely another conference attendee from inside the room, had posted the message. Imagine one of those horror movies where the killer is inside in the room, but instead of a killer it’s a hacker.
The hacktivist then made his motive clear, telling Kutcher’s more than 6 million followers, “P.S. This is for those young protesters around the world who deserve not to have their Facebook & Twitter accounts hacked like this. #SSL.”
SSL refers to “Secure Socket Layer,” a method of encrypting data so it’s protected. Sites with a secure certificate have HTTPS addresses. Google, for instance, made HTTPS the default connection for Gmail last year.
Hacking a user’s private information from an unprotected connection is actually not all that difficult, and last October a simple Firefox extenuation called Firesheep hit the market that could basically pull this data with one click. The developer released the extension to show how easy it could be to get unencrypted long information from others not the same local network.
Twitter has long known about its security problem, but perhaps only recently, as secure connections became matters of life in death in the protests igniting across the Middle East, did it make implementing a secure connection a priority.
Just one hour after Kutcher’s account was hacked, Twitter announced that users could use the service via a secure HTTPS connection but said that a more permanent secure setting was forthcoming. In the meantime users can type https://twitter.com/ into their browser bars for a more secure tweeting experience.