Hash tags foul up Conservative Party 'Cash Gordon' website

The 'Cash Gordon' site was pulled after its Twitter feed was hijacked, and followers of the Twitter feed were bombarded by rude jokes, adult images and the inevitable Rick Astley 'never gonna give you up' video.

Amusing though the Twitter hijack was, the hacking of the cash-gordon.com website highlights the fact that automated social networking feeds attached to web portals pose a security risk: once hacked, the account can give access to a large number of internet users.

Over the weekend, when the Cash Gordon site was launched with links on Facebook and Twitter, it quickly became common knowledge in the Twitter world (the Twittersphere) that the site's template had apparently been copied from a right-wing American group that opposes President Barack Obama's financial control plans.

Unconfirmed reports suggest that the Facebook and Twitter links to the website were hacked initially by internet users upset with the way the US site template had been used to support the Conservative party.

UK media reports, meanwhile, say that the Conservative Party paid almost £10 000 for the Cash Gordon site to be set up and so engage voters in a reward points scheme that involved bombarding Charlie Whelan – the former Labour public relations officer who now works for the Unite trade union – with Twitter messages (tweets).

Infosecurity understands that the hackers used the fact that any messages sent on Twitter with a given word – a hash tag – were auto-posted to the website, with details radiated on to Facebook and Twitter.

Hash tags were used in the infamous 'hack' of the Daily Telegraph budget newsfeed of last April, which auto-published tweets including the hash tag of '#budget' with predictably dire results.

In the Cash Gordon Twitter feed hack, it appears that internet users quickly realised that '#CashGordon' tagged tweets could include jump URLs, inviting users to link to adult sites, humorous YouTube videos and even the Labour website itself.

By Sunday morning, the URL jumps were being replaced by complex JavaScript code that pointed users to a rotating succession of websites, allegedly ranging from the Labour party main site, to a famous German porn site, and a YouTube video of Rick Astley singing his 1987 hit 'never gonna give you up.'

Using misrouted URLs to take internet users to the Rick Astley song is a process known as 'RickRolling' that has been linked to a popular German hacking group.

Infosecurity notes, however, that the Cash Gordon fiasco was probably the result of actions of a number of individuals on Twitter, rather than any concerted action by one group.
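
One way a site that auto-publishes hashtag-matched tweets can keep embedded markup and script from running is to treat every tweet as untrusted text. The following JavaScript is an added example, not code from the Cash Gordon site or from Infosecurity; all function names and the sample tweets are constructed for illustration.

```javascript
// Added example: render untrusted hashtag-feed items as inert text.
// All names and the sample tweets below are constructed for illustration.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Only absolute http(s) URLs become links; anything else stays plain text.
function safeLink(candidate) {
  let url;
  try {
    url = new URL(candidate);
  } catch (err) {
    return null;
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  // Escape the href too: a quote inside the URL must not close the attribute.
  return `<a href="${escapeHtml(url.href)}" rel="nofollow noopener noreferrer">` +
    `${escapeHtml(candidate)}</a>`;
}

function renderFeedItem(tweet) {
  // Split on whitespace but keep the separators so spacing is preserved.
  const body = String(tweet.text).split(/(\s+)/).map((part) => {
    const link = /^https?:\/\//i.test(part) ? safeLink(part) : null;
    return link === null ? escapeHtml(part) : link;
  }).join('');
  return `<li><b>${escapeHtml(tweet.user)}</b>: ${body}</li>`;
}

function renderFeed(tweets, hashtag) {
  const tag = hashtag.toLowerCase();
  return tweets
    .filter((t) => String(t.text).toLowerCase().includes(tag))
    .map(renderFeedItem)
    .join('\n');
}

// Constructed sample input: one plain tweet, one link, one carrying markup.
const SAMPLE_TWEETS = [
  { user: 'alice', text: 'Signed up #CashGordon' },
  { user: 'bob', text: 'Read https://example.org/a?x=1&y=2 #CashGordon' },
  { user: 'eve<i>', text: "#CashGordon <script>location.href='https://example.invalid/'</script>" },
  { user: 'dan', text: 'unrelated tweet' },
];

console.log(renderFeed(SAMPLE_TWEETS, '#CashGordon'));
```

Escaping at render time protects the page itself; it does not vet where a permitted link leads, so a moderation queue or domain allowlist is still needed before tweets go live.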
