Gartner Blog Network

The hook in my mouth – my first encounter with social virus

by Mark P. McDonald  |  May 10, 2012  |  2 Comments

I hope you can’t see it, the mark left by the hook in my mouth.  as I was successfully phished yesterday via Twitter.  I removed the hook late last night, reset my Twitter account and apologized to a bunch of people for being a carrier.   It was my first encounter with a social virus – one that relies on social behavior for transmission rather than technology transactions.

The day before yesterday 55,000 Twitter account information was hacked and a social virus was launched.  It was a simple direct twitter message sent randomly form one of the people who I follow on Twitter:

 Hey some person is saying horrible things about you…

Naturally, this piqued my interest. I wanted to find out what others were saying.  I followed the link and it kicked into a dead end.  Then I was asked to log into Twitter again.   That should have sent off warning lights as I was already logged into twitter and the log in screen I was taken to was a different color than traditional Twitter blue.

In the desire to find out what others were saying, I barreled ahead and proved that I was really a bit of a twit, in the UK term of less than normally intelligent person.  The hook was set, the virus spread and I was there dangling at the end of the line.

The observation is that if this were a traditional technically oriented virus I probably would have caught on much sooner.  You know the type of virus that copies your director and then sends out phishing emails to all your friends.  That type of brut force virus would have caused a lot of people to take quick notice, including me who would have received a barrage of email from my associates who were infected earlier.

But this was a social virus, on that was engineered to be driven not by technology but by our basic human and social behaviors.  Here is what I mean.

THE LINE: Once infected, the virus sent a few messages to a few people out of my Twitter account.  The virus sent a similar direct Twitter message to about a dozen people from my follower list.  The people selected were randomly distributed and it appeared to be just a few people.  This spread the virus through a network of loose and more casual connections rather than processing a list of people.  When I picked up the original message and deemed it trustworthy because it came from someone who I rarely get messages from… so it looked like they were taking time out to reach out to me directly.

THE HOOK: The message itself was social, tapping into our own interest and insecurities.  We are naturally interested in understanding what people are saying about us, particularly if they are saying ‘horrible things.’  Your mind goes on the defensive, you want to know what they are saying and your guard goes down as you charge ahead.  This is natural, but it is particularly potent to Twitter heads as we constantly update our followers and follow others throughout the day.

THE SINKER:  The viral messages did not start right away.  It took about two hours before there were twitter messages from me I did not authorize and others were asking if my account had been hacked.  That time allowed the virus to work by sinking into the back part of my mind as my thoughts turned to other things.  Delay not only allowed incubation, but it inoculated itself against instant recognition.

This was my first encounter with a social virus.  I have had some accounts compromised before but that produced a technical virus.  Within seconds I got back emails from lots of people telling me they though I had been hacked.  I fixed the problem in a few minutes.

This social virus had me for about two hours before a few people started sending in messages saying that they think twitter had been hacked.  The difference was slow and social diffusion or a personal message.   It was only when I saw a tweet saying that I lost 20 lbs. by using acai berries that I knew something was up. I hate acai berries.

So what are the elements of a good social virus? Here are a few thoughts:

  • Transmission through random and loose connections to give it the appearance of authenticity.  These were people who would not tweet me directly, but if they did I would pay attention because it was rare.
  • Implantation of a message that drives autonomic social behavior rather than directing analytical thinking.  It created a reaction that superseded the idea that it might be a ruse.
  • Delay or an incubation period that allows other things to crowd into you mind and day.  If there had been an immediate response I would have know I had been hacked.

Again my apologies to those who received Twitter messages from me.  I apologize for my small role in spreading this social virus.

Category: personal-observation  technology  

Tags: social-computing  virus  

Mark P. McDonald
8 years at Gartner
24 years IT industry

Mark McDonald, Ph.D., is a former group vice president and head of research in Gartner Executive Programs. He is the co-author of The Social Organization with Anthony Bradley. Read Full Bio

Thoughts on The hook in my mouth – my first encounter with social virus

  1. Jack Vinson says:

    Argh! It stinks that you got caught in this one. It’s a big reminder to NOT click on any link that people send to you, even if you know who they are. Go chase down the link by searching for the title or getting more clarification from the sender.

    If that is too much work, don’t follow the link to begin with.

  2. Andy says:

    Can you say something more about how did you fix the problem?

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.