Sophos News

Hijacked school Twitter account turns head teacher into a porn star

Naked Security:

A UK head teacher unknowingly switched jobs to become a porn star, courtesy of a bit of Twitter account hacking and a liberal dose of Photoshopping.

As The Mirror reported on Wednesday, the image of Oriel High School head teacher Philip Stack’s smiling face was pasted onto the body of a muscular, tattooed male model who would have been naked but for a jock strap.

The picture was sent out over Twitter bearing this caption:

A round of applause for our glorious head!

Been working hard at the gym and got himself a contract with Brazzers!

Brazzers is a popular porn site.

Police are investigating how the Twitter account of the school, in Crawley, West Sussex, got hijacked.

The school is also investigating and has deactivated the account.

But not before the hijacker(s) sent out additional inappropriate tweets, including this one:

The year 9 girls are getting a bit fat.

We need to work on them in the gym.

Some Twitter users reportedly suggested that if it turns out that students are behind the hijacking, the school’s IT teachers should be proud of students’ “accomplished computer skills.”

Apart from the fact that what happened was unlawful, there are many ways to hijack a Twitter account, and they don’t all require sophisticated hacking skills.

Perhaps the account owner practised poor password etiquette by, for example, using their pet’s name or simply handing over their password to strangers.

We know how common truly bad passwords are.

Users remain stubbornly attached to passwords like 12345 and passwords that are so bad they can be cracked in less time than it takes to type them.

This is not to say that Oriel had a weak password on its Twitter account. It’s just that far too many people do, in fact, use very bad passwords.

That’s a pity, because as Naked Security has pointed out, passwords are often the one component of a security system whose creation and safety is entrusted to the users of that system rather than its designers and administrators, making them a weak link in what’s otherwise, often, a perfectly strong chain.

Even if the Oriel Twitter account had been secured with a rock-solid password that could boast sky-high entropy, it was shared among multiple employees.

Unfortunately, the Twitter accounts that are the most tempting to take over – i.e., those for celebrities, businesses, or, well, schools – are often controlled by multiple staffers.

That, in fact, is why Twitter recently came out with a new tool to help stop password sharing and help fend off hijackings.

The tool – “Teams” – also allows the use of two-factor authentication, or what Twitter calls “login verification”, on those accounts (which is something everyone with a Twitter account – or any other online account that allows it – should have).

From how Twitter described it last month, the tool sounds like it should help to protect high-profile accounts that would suffer a whole lot of embarrassment if they were to be hijacked, including those of government organisations, celebrities and companies…

…and head teachers who don’t really want to undertake a whole new profession.
