The banality with which they hacked the Twitter CEO’s account should make us think – Test Post 1

view_content

This is a test post wich we plan to reward users for viewing published content

On Friday, August 30, Jack Dorsey, the CEO of Twitter, spent a bad quarter of an hour. In the afternoon, a group of hackers called Chuckle Squad managed to get hold of his private account and started “chirping” on the social network a series of racist and anti-Semitic posts . The situation has returned to normal within about ten minutes, the time needed to regain control and to cancel offensive messages, but what has happened has left everyone appalled: not only has an account of the social most loved by politicians been violated , especially in the USA, but that account was not of any person, but of its CEO. Here’s how they hacked the Twitter CEO’s account In hindsight, the hackers who targeted Jack Dorsey’s account failed to take complete control of it, they simply found ways to post tweets . This does not make the incident any less serious, but leads to reflect on the implementation of social security measures: even the activation of two-factor authentication has prevented Chuckle Squad members from violating such an important account. To carry out the attack, the technique of Sim Swapping has been exploited , with which the scammers manage to register a specific phone number to a new SIM, thus overcoming also the possible two-factor authentication (the code of authentication will be sent to the new SIM in the hands of pirates). In this case, the hackers didn’t even need it since once they registered a new SIM with Dorsey’s number they just sent tweets via SMS. A function that comes in handy when you are in areas with little signal or to send twitters even from common cell phones without smart functions, but that as we have seen has big limits with regards to security . Just a few hours after the incident, Twitter wanted to specify that the attackers exploited a security hole of the telephone provider , not the social network . The phone number was compromised due to the mobile provider. This is a message from the phone number. That issue is now resolved. – Twitter Comms (@TwitterComms) 31 August 2019 ” The telephone number associated with the account was compromised due to a security error by the telephone provider. This allowed an unauthorized person to send tweets via SMS from a telephone number. The problem has been solved .” How to defend yourself from this kind of attacks? Since this is a vulnerability of the telephone company and not of the social network, the advice is not to use the telephone number for two-factor authentication but to rely on more secure methods, such as the Google code generating app . This applies not only to Twitter, but to any account. It is surprising in this regard that a prominent figure like Dorsey had not taken further precautions, considering that the technique of SIM Swapping is certainly not new and has been used many times, above all to subtract cryptocurrencies.