Twitter CEO’s account hack underlines risks
WASHINGTON: Twitter chief executive Jack Dorsey became the victim of an embarrassing compromise when attackers took control of his account on the platform by hijacking his phone number.
Mr Dorsey became the latest target of so-called "SIM swop" fraud, which enables a fraudster to trick a mobile carrier into transferring a number. This type of attack targets a weakness in "two-factor authentication" via text message to validate access to an account.
Twitter said last Friday that the account was restored after a brief time in which the attackers posted offensive tweets.
But Mr Ori Eisen of security firm Trusona, which specialises in authentication without passwords, said the rapid fix should not be seen as an answer to the broad problem of SIM swop fraud.
"The problem is not over," he said, noting these kinds of attacks have been used to take over other high-profile social media accounts.
Some analysts said hackers have found ways to easily get enough information to get a telecom carrier to transfer a number to a fraudster's account, especially after hacks of large databases that result in personal data sold on the so-called dark Web.
"Mobile accounts' text messages can be hijacked by sophisticated hardware techniques but also by so-called 'social engineering' - convincing a mobile provider to migrate your account to another, unauthorised phone," said Mr R. David Edelman, who heads a cyber security research centre at the Massachusetts Institute of Technology.
"It takes only a few minutes of confusion to make mischief like Dorsey experienced." - AFP