10 Best Tweets on Security in 2014


Last year, the IT security field was pretty eventful. There were a lot of incidents: from global vulnerabilities which affected millions of computers all over the world to showdowns with local cybercriminals. Every one of these events was, in one way or another, connected with social networks – especially Twitter, since it also acts as a news service. We collected the 10 best tweets related to an IT security event in 2014.


1. In March, a cybercriminal who acted on behalf of the ‘Pump Water Reboot’ hacker group started a series of DDoS attacks on several Russian web services — from popular online communities to some banks. Each victim was asked to pay a $1000 ransom to stop the attack.

In this particular tweet, the criminal threatened one Russian banker, Oleg Tinkov, founder of Tinkoff Credit Systems, a specialized online bank.

(Translation from Russian: Your site is under DDoS attack. We offer a solution for this problem. The attack will stop if you are willing to pay $ 1,000.)

By the summertime, the cybervillain was caught by police and in a couple of months was sentenced to two and a half years of probation with a penalty of 12 million rubles (about $400,000). That’s a lot for a 19-year-old student, which is who the extortionist turned out to be.

2. The Heartbleed vulnerability threatened two thirds of the Internet. You can learn more details in our blog posts. The short version of what happened and how it worked is best described by the author of the xkcd comic:

Heartbleed’s consequences will haunt us for a long time: there are tens of thousands of vulnerable servers still not updated. And many of them will never be able to get rid of this vulnerability.

3. For us, the best tweet of the year was created by people from — you won’t believe it! — the CIA. It’s nice to see that even these tough guys have a sense of humor.

4. In mid-August, something that happens to almost everyone involved in modern politics struck Russia’s Prime Minister Dmitry Medvedev: someone hacked (and made fun of) his Twitter account.

(Translation from Russian: I resign. I am ashamed of the government’s actions. I’m sorry.)

At the same time, Medvedev’s other accounts were also hacked. This led to a leak of private photos and correspondence from Medvedev’s mobile devices. However, all tweets written by hackers were subsequently removed. What happened to the attackers – if they were even caught – is still unknown.

5. Two weeks later, there was another leak and this one was massive: Somebody posted lots of private photos of several naked celebrities, including Jennifer Lawrence.

This leak was immediately named ‘The Fappening’ and rocked the whole world. Celebrities got way more attention than usual, and web services that published the photos made good profits from ads. In particular, one popular website, Reddit, got so much money in just a few days that it had enough to support the project for a month.

6. Autumn was especially eventful. In September, a new fundamental vulnerability was found in the Bash shell. Now it is known as Bashdoor or Shellshock. It was the second time in one year that millions of computers, mostly servers, were compromised. The man who discovered this bug didn’t post anything on his Twitter account immediately. But later he posted worthwhile tweets with an explanation that this vulnerability had probably originated as early as 1989, i.e. 25 years ago.

The Bashdoor bug, as well as the above-mentioned Heartbleed, will haunt us for a very long time.

7. A couple of weeks later the world found out about another global threat. In early October, two researchers announced that every USB device on the planet is fundamentally vulnerable. For some reason, these guys didn’t talk about this discovery, but we did:

It is still unclear what we should do globally to protect ourselves from this bug. There is only one known good practice for protection: do not use unknown USB devices, including, but not limited to, keyboards and mice.

8. In mid-October there was another leak. This time, victims were Dropbox users. Company representatives promptly declared the service wasn’t hacked and the leaked data was collected in some other way.

Many people believe Dropbox had been hacked though, and that the company preferred to “negotiate” with the intruders privately rather than lose its reputation.

9. The end of October was marked by an event that many people didn’t pay enough attention to: Twitter announced plans to replace passwords with another, more advanced authentication system. And not only passwords for the accounts of its own users: Twitter invited third-party developers to use the Digits platform to authenticate users in their applications as well.

There have been many attempts to get rid of passwords and, as we have seen, nobody has been able to achieve this so far. But it is possible that Twitter will succeed and in a few years we will finally stop using this old authentication method.

10. As for passwords: Never store them in an unencrypted file on your PC. Otherwise, you will face the same consequences as Sony Pictures. The company was massively attacked by the GOP hacker group. Before the attack was launched, the cybercriminals had stolen one of Sony Pictures’ Twitter accounts and mentioned the company’s CEO in a warning of the future hack.


Unfortunately, the hackers did not limit themselves to threats, and Sony Pictures has been in personal info leakage hell – and they weren’t ready for it at all. You can learn more about what happened with Sony in our blog post.