Someone's lost the plod: Use crappy HTTP for shopping, banking, say Brit cops

Boys and girls in blue turn red in Twitter hijack shame

Police in Essex, UK, have had a rough day of it after mischievous hackers broke into their Twitter account – and broadcast bogus security tips.

Essex Police

The dodgy tweet, recommending people use insecure HTTP rather than encrypted HTTPS for online shopping and banking, has since been removed. El Reg readers will know it's HTTPS or bust when buying stuff online or checking your balance.

The link in the tweet, a goo.gl shortened URL, directed clickers to nursing.buybooksales.com, which redirects to the website of GCHQ, the Brit cousin of the NSA.

"Elaborate prank? Peculiar stealth recruitment test? I've no idea. It's possible that the original redirect URL pointed to other sites which may well have been malicious and has since been aimed at the GCHQ link for a bit of a giggle," said Christopher Boyd, malware intelligence analyst at Malwarebytes.

Thankfully very few people appear to have taken the bait: according to Google analytics about 450 people followed the URL at time of writing.

Essex's finest have apologized, and are reviewing their security procedures. ®




Biting the hand that feeds IT © 1998–2018