Hacking Smear Campaigns and their Effects
Earlier this week Houseparty - an app for video chatting and gaming with friends - issued a statement offering $1m for proof that recent hacking and/or breach allegations against it were a coordinated smear campaign. In this briefing, we will take a look at what happened, what may lead to such attacks and what the future may hold.
Houseparty experienced rapid growth over the last few months due to the ongoing COVID-19 pandemic. The app allows users to see, talk to and play games with others that are physically in different locations. Over the weekend, several users started uploading tweets claiming that they had been locked out of other accounts after installing the Houseparty app.
Such statements lend themselves to two interpretations.
That Houseparty itself is malware and stealing user credentials - a claim that is hard to believe for an app owned by a large and well-known company
That Houseparty has some sort of weakness that is used by attackers to take over user accounts - a claim that is more realistic but completely unproven
In response, Houseparty denied the claims and offered a $1m bounty for information proving that the tweets were part of a coordinated smear campaign.
As of this writing, there is neither proof that Houseparty was the cause of the account takeovers, nor any serious accusation made by an expert, nor any proof that the accusations were a coordinated smear campaign.
Why would smears happen?
As the COVID-19 pandemic continues to cause lockdowns in entire countries, most of the world is reeling from the fallout. However, some sectors of the economy such as video conferencing, gaming or medical supplies are naturally booming. As such, many apps that were minor until now - including Houseparty, Zoom, Parsec, and many others - saw a significant increase in user numbers. It is conceivable - but not proven - that some competitors in this booming market may employ unethical methods in order to gain a larger user share.
Why would it work?
Like with many things in 2020, there are two courts that any claim may be judged by. The first are courts of law. They operate on an assumption of innocence, are thorough, slow but usually deliver relatively fair judgments overall.
The second court is that of public opinion. It mostly operates on social media platforms, is swift, biased and emotion-driven. The countless “cancelings” and “uncancelings” of public figures due to real or imagined scandals serve as a good example.
While most of us know that the court of public opinion is unreliable, we are nonetheless emotional creatures. If we are deciding between several options to fill a need (e.g. video calling) and one of these options has negative press attached to it, then we are very likely to choose a different option.
As such, if the allegations can be proven wrong and the app can be proven secure, the damage will still be done. This is likely why Houseparty is offering a bounty for proof of the smear campaign. The only way to recover their losses would be to prove that a competitor made a coordinated effort to smear them - therefore shifting the negative press to said competitor.
Of course, many other scenarios such as state actors preferring users to use a specific app are also conceivable. Alas, so far, nothing is proven.