Officials scramble to find source of inappropriate tweets
CHARLESTON, W.Va. - Officials are not sure how jokes about heavy drinking and links to pornography websites came to be posted on a state-run social media account.
The official Twitter account for WVOASIS, the group responsible for setting up the state's Enterprise Resource Planning system, posted a tweet on Saturday evening: "Bumper stickers are how we tell people we only had $1.50 to spend on a belief system."
The snarky one-liner seems innocuous enough, but the message also included a link that redirected users to a pornography video.
"We are looking into what happened and when the posts were made," WVOASIS spokeswoman Allison Adler said via email on Monday. "We will inquire with the Twitter Help Desk to try to figure out what occurred."
Adler originally said the account was "hacked," but later said she used the word too loosely.
"As of now, we have no confirmation that the account has been hacked," Adler said.
She said WVOASIS became aware of the post only Monday morning and deleted it, along with another bawdy tweet that was on the account for nearly two months.
"I've been putting vodka in my fruit smoothies. Also, no fruit," read a post from April 27.
That tweet also included a link, although it no longer works.
Adler said the group's IT team changed the password to prevent further messages from being posted.
The state is paying more than $110 million for its multi-year Enterprise Resource Planning project, which is meant to incorporate all state computer systems under one roof, allowing agencies to manage accounts, personnel and assets using just one system.
Adler said WVOASIS's Facebook and Twitter accounts are run by its "enterprise readiness team," which is charged with outreach and communication efforts.
The WVOASIS Twitter account usually posts links to the group's Facebook account, which mostly includes photos and videos of employees training to use the new computer system.
Neither account is very popular. The Facebook page has only 130 likes, while the Twitter page had only 16 followers as of Monday evening.
A quick Google search turned up multiple, apparently unrelated Twitter accounts posting identical jokes and links as the ones featured in the WVOASIS tweets, which could point to hackers.
Chris Vance, a digital forensics specialist at Marshall University's Forensic Science Center, said it's difficult to guess how or why WVOASIS's account would be hacked.
"It's hard to say, because there's a lot of ways it could happen. In most cases, when a Twitter account is compromised, it's probably due to a weak password," he said.
Accounts also can be hacked by viruses or other malicious software, which could have invaded a user's computer or smart phone and snaked its way to the Twitter account.
"Say you have 20 people that can post to this Twitter feed. If one of these people's phones are compromised, that password is known," he said.
He said the best way to avoid being hacked is to limit access to accounts, and keep track of who is authorized to post on them. Vance also recommends using strong passwords that do not include any biographical information, and changing those passwords often.
Attacks on Twitter accounts are not uncommon. In late April, The Associated Press's official account was compromised and tweeted a fraudulent breaking news alert claiming there had been explosions at the White House and President Barack Obama was injured.
The account was shut down moments later, and The AP confirmed it had been hacked.