Is Twitter Less Secure Than E-mail?

New research takes a look at the Twitter crime rate, which is on the rise, but might not be as bad as one would think.

LAS VEGAS -- Barracuda Networks is out this week with new research attempting to quantify how much malicious activity occurs on Twitter. Barracuda defines the Twitter "crime rate" as the percentage of accounts created per month that are eventually suspended by the company.

Barracuda presented its research here at the BSides event, down the Strip from the Black Hat security conference.

In total, Barracuda looked at more than 25 million accounts and found that the crime rate for the first half of 2010 is only 1.67 percent. Barracuda saw the crime rate on Twitter fluctuate from month to month, peaking in October 2009 when the rate checked in at 12 percent.

David Maynor, a research scientist at Barracuda Networks, told that Twitter has not published a rigid set of guidelines specifying why accounts are deleted, though spammers and phishers are likely candidates for deletion.

While some Twitter accounts may have been set up by those with malicious intent, others may have been compromised by third-party applications, a situation Twitter is trying to address by moving to the OAuth. Maynor said that OAuth can be helpful, but won't necessarily make much of a difference to the Twitter crime rate.

"OAuth is the first step toward building a more secure infrastructure," Maynor said.

Paul Judge, chief research officer and vice president cloud services at Barracuda Networks, noted that while OAuth enables third-party apps to safely connect to Twitter, real security depends on users remaining vigilant.

"Users can still be tricked to giving an OAuth authorization to applications that are malicious," he said.

Compared to other forms of online communications, Twitter's crime rate ranks somewhere in the middle.

"The crime rate on Twitter is more than it is on Facebook but less than it is on e-mail," Judge said.

He said that it's more difficult to create a fake Facebook profile than a phony Twitter account. When it comes to adding friends on Facebook, people tend to pay closer attention, he said.

"With Twitter it's a very lightweight process to create an account," Judge said.

The process of following people is also simple, and doesn't require any confirmation of the relationship. That open nature makes Twitter a cozier environment for attackers than Facebook, Judge argued.

On the other hand, the crime rate on e-mail is much higher than it is on Twitter.

"With email 95 percent of the traffic on SMTP is unwanted," Judge said. "The Twitter universe hasn't reached that level."

Sean Michael Kerner is a senior editor at, the news service of, the network for technology professionals.

Tags: security, email, Twitter, social media, email security

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.