The latest high-profile case of a Twitter account being compromised was none other than that of the company’s CEO himself, Jack Dorsey. A group of hackers compromised the account and posted a stream of offensive messages.
The group used Twitter’s text-to-tweet service to post the offensive messages. This service is provided by Cloudhopper, which allows users to tweet by sending their messages to a short code. To avail of the service, users need only link their phone numbers to their Twitter accounts. Since users usually have their phones under their control, they can easily use the service. But what happens when some unknown rogue gains control of your phone number and starts abusing it?
This is exactly what happened in Dorsey’s case. The company admits that a ‘security oversight’ on their part allowed the hackers to gain control of Dorsey’s phone number and post the subsequent barrage of messages. Such attacks are commonly called SIM swapping attacks. Here, the hackers convince the phone network operator (AT&T in Dorsey’s case) to assign the phone number to a new phone which they control.
SIM swapping is not a new technique and is widely used by hackers to bypass two-factor authentication (2FA) by receiving the one-time password (OTP) themselves. Most banks and payment service providers send an OTP to users to authenticate them at the time of sign-in, or when making an online payment. When hackers gain control of the phone numbers, they can exploit them in many scary ways.
Cybercrime is now child’s play
Although the hackers’ run in the Twitter case was arrested within 15 minutes, it once again highlighted the poor security hygiene users follow when it comes to using online services. The incident also highlights the fact that perpetrating cybercrimes is now child’s play. Users can consider setting a PIN code on their telecom accounts with the network providers as a security measure, and should exercise adequate caution.
The article has been written by Neetu Katyal, Content and Marketing Consultant
She can be reached on LinkedIn.