Whoever hacked Tyler Cowen's account used it to send out two spam Tweets:"An amazing new weight loss product! It worked for me and I didnt even change my diet!" and "Lose 5 lbs of Fat in a week", both sending the user to some t.co address I dare not hit. It's hard to imagine anybody who follows Tyler would have seen those and thought it more likely that he'd sent them than that his account was hacked.
I would have thought that Twitter account hackers would have run everything through a filter. Anybody with small numbers of followers or low Klout scores would get the lame spam tweets. But Tyler has a Klout score of 60 and about 20,000 followers, including some of the world's top economists and surely some top of the world's top government and central bank officials (among those on Twitter). I would have thought that a flag would go up for hackers that accounts with >10k followers or Klout >50 just might be worth a bit more individualised attention.
What sort of individualised attention? A decent proportion of Tyler's followers would have hit a link recommended by @TylerCowen to something like "This is the new best explanation of how the Euro crisis will unfold". I'm (obviously) not even trying to make it sound like Tyler. Scrape the content from some page from the Economist, FT, Scott Sumner - whatever. Put it on a malware infection site. A thousand really high value computers get directed to the site; maybe you get 250 infections depending on the strength of folks' security settings.
Just flip through the first 50 Tweets and see what's drawn a lot of clicks (hover over a bit.ly link sometime). Based on the feed, I'd have set up malware sites with fake reviews of Tyler's new book (Twitter teaser: Now this review of *An Economist Gets Lunch* is particularly unfair [link]); something on the EuroCrisis, a eulogy to Doc Watson, and something on fear of GMO foods. All of those drew lots of click-throughs. And throw in one like "A handy guide for every central banker as the Euro dissolves." Scrape dummy content into malware sites for each.
So obviously Twitter spammers aren't doing this. Or at least Tyler's hacker didn't. We can then conclude:
- The expected per user returns to malware infections are very low, even for potentially high value infections;
- I'm overestimating how easy it is to do this; cognitive limitations are more binding that I expect.
- Tyler's followers just got a lucky draw; he was hacked by somebody who installed FireSheep and isn't linked into any particularly sophisticated networks.
The first one's potentially plausible. The second one isn't - somebody will figure it out and will pay more for hacked account login details than will other spammers. The third can be sustained in equilibrium if you've always new hackers downloading FireSheep and imperfect information on who's paying most for hacked accounts.