Imagine for a second that you're the kind of person who posts their personal phone number to Twitter. I know, I know, it's tough, but bear with me. So you do this, and then you get a bunch of texts giving you some facts about cats and asking you to tweet "Meow, I <3 Cat Facts" at Edward Snowden to make it stop. Yeah, that guy. You heard about him on the news a few times. You think he's a terrorist. And now he's sending you unsolicited texts. Did he hack your phone? Whatever, you just want to make the cat facts stop. So you tweet "Meow, I <3 Cat Facts" at Ed Snowden.
RT LadyDitheAuthor: Snowden "Meow, I <3 catfacts" please remove my number 478-283-7755 from your texts list. Thank you.
— JoeJoe (@1234joejohn) November 18, 2015
Okay, thought experiment over. This drama is real, and has played out dozens upon dozens of times on Twitter over the last week. A hacker who said in an email that they "try to keep my hat as white as possible" has unleashed a torrent of cat facts on people foolish enough to leave their numbers exposed on the public platform. The live Twitter feed for "Meow, I <3 Cat Facts" is thus a thing of beauty, and maybe art. But there's a lesson here.
"I've found Twitter users' operational security failures interesting," the programmer behind the cat facts gag wrote me in an email. "People get angry when they get their cat facts, but they don't realize that this could be a perfect vector for spreading mobile malware or performing other attacks. Think of Android Stagefright or phishing them into installing a malicious app."
The hacker said they're using an automated script to scrape Twitter's API (the interface that lets programs read the site's data), and then using an anonymous texting app called Anonytext to send out the messages. Apparently, it was pretty easy, especially when so many people leave their numbers out in the open. But why rope Snowden in?
"He likes cats, and I thought people might find it funny if they thought Snowden was texting them," they wrote. "Turns out most of the meowers don't even know who Snowden is."
Well, no shit.