Anthony Weiner Twitter hack? What he should have done.
Amid the furor around an indecent photograph sent from Congressman Weiner's Twitter account, the question arises: What should you do once an account has been hacked?
The line “I got hacked” has become the latest political fig leaf for social media mistakes.
Hacking happens often enough that there should be a well-known, universal response – but so far, one has not emerged. And in this helter-skelter approach to security, untold volumes of information remain vulnerable, notes security expert David Koretz. “There has been a rush to move everything online,” from political communications to private finance, he says. Without an equal push for security in the digital sphere, he says, “we are at risk – not just in the way we communicate, but in everything we do online.”
So what should you do if you think your account has been hacked?
“If [Representative Weiner] really was hacked, that would fall under federal cyber crimes or wire-tapping laws, and it would be intra-state,” says Mr. Koretz, CEO of Mykonos Software, a vendor that secures websites and applications. “Your next stop would be the FBI, if you believe it’s domestic.”
Of course, it always helps to be a national figure. Politicians have more resources when it comes to digital transgressions, notes Patrick Kerley, senior digital strategist at Levick Strategic Communications. “A congressman has more access than an average person, and would reasonably be expected to take immediate steps – whether it’s the FBI or the Capitol Police.”
"If someone stole the letterhead of a public figure, that would be fraud," notes David Mercer, a former deputy finance director of the Democratic National Committee. Sending a digital message under their name is no less criminal, he says.
The first move a public figure should make is to determine how far the breach has gone, Mr. Mercer says. “This has the potential to harm anyone or anything else in the system.”
If you’ve been hacked, the thing not to do, says Koretz, is what Weiner did. “I would not hire a private investigator, because they wouldn’t have access to Twitter’s back-end systems or be able to do the kind of forensics to get to the bottom of how it really happened,” he says. Hiring a private team, Koretz adds, “is really more about smoke and mirrors than it is about tracking a hacker.”
The move suggests “a desire to control the information that might come from an investigation,” says Paul Levinson, author of “New New Media.” Someone who really wants to get to the bottom of a crime would be more likely to go to law enforcement, or simply to the help function on a website, says Mr. Levinson.
But the help function tactic, he notes, is fraught with its own challenges.
Penny Sansevieri, an instructor at New York University, says she ran into problems trying to follow Twitter’s own protocol for hacking. A spammer sent out a single tweet from her account, triggering an account shutdown.
“I went back and forth with [the support team] for about ten days,” she says. “My goal was to find out what happened, and most important to get the site back up again,” she says. “They did not make this easy at all.”
The team even emailed her a response indicating that the event had been resolved, “but it had not, so I had to keep going back to them.” Finally, she got her account back. “They made me change the password twice, but they wouldn’t tell me why,” she says.
Other social media sites have their own ways to make life difficult after a perceived violation, notes Ms. Sansevieri, whose small business Author Marketing Experts relies on social media. One of her authors used a personal Facebook account to post business information, she says, “and Facebook shut it down. No matter what he did, they would not give it back.”
Adds Levinson, “It’s highly ironic that while we have companies that have become very sophisticated in their rush to be the next big social media, there is no equal rush to provide help in security issues.”
“I get better tech help from Sears,” he adds.