The frighteningly simple technique that hijacked Jack Dorsey’s Twitter account

On Friday afternoon, the 4.2 million Twitter followers of Jack Dorsey had an unpleasant surprise. A group of vandals had gained access to the account and used that access to launch a stream of offensive messages and plugs for their group's Discord channel. Within 15 minutes, the account was back under control and the group was banned from Discord, but the incident was a reminder of serious vulnerabilities in even the highest-profile accounts, and of how insecure phone-based authentication has become.

The hackers got in through Twitter's text-to-tweet service, operated by the acquired Cloudhopper service. Using Cloudhopper, Twitter users can post tweets by sending text messages to a short code number, usually 40404. It's a useful trick for simple phones or if you simply don't have access to the Twitter application. The system only requires linking your phone number to your Twitter account, which most users already do for separate security reasons. As a result, control of your phone number is usually enough to post tweets to your account, and most users have no idea.

Getting control of Dorsey's phone number was not as difficult as it seems. According to a statement from Twitter, a "security oversight" by the provider allowed the hackers to take control. Generally speaking, this type of attack is called SIM swapping: essentially, convincing a carrier to assign Dorsey's number to a new phone that the attackers controlled. It is not a new technique, although it is more often used to steal Bitcoin or high-value Instagram IDs. It is often as simple as plugging in a leaked password. You can protect yourself by adding a PIN code to your carrier account or by registering web accounts such as Twitter through dummy phone numbers, but those techniques may be too much for the average user. As a result, SIM swapping has become one of the favorite techniques of online troublemakers, and as we discovered today, it works more often than it seems.

Chuckling Squad, the team that took over Dorsey's account, has been playing this trick for years. Its most prominent attacks so far have been on a series of online influencers, with as many as ten different figures attacked before Dorsey. The group seems to have a particular knack with AT&T, which is also Dorsey's carrier, although it is not clear exactly how they gained control. (AT&T did not respond to a request for comment.)

The history of this type of hacking is much older than Chuckling Squad or even SIM swapping. Any system that makes it easier for a user to tweet will also make it easier for a hacker to take control of the account. In 2016, Dorsey was the target of a similar attack that took advantage of authorized third-party add-ons, which are often abandoned but still retain permission to send tweets to the account. That technique has become less prominent as SIM swapping has become more widely understood, but the basic goals of vandalism have not changed greatly.

However, the incident is embarrassing for Twitter, and not simply because of the immediate fight to regain control of the CEO's account. The security world has known about SIM swap attacks for years, and Dorsey's account had been compromised before. The simple failure to secure the CEO's account is a significant failure for the company, with implications that go beyond a few minutes of chaos. Hopefully, Twitter will learn from the incident and prioritize stronger security, perhaps even moving Twitter's verification away from SMS, but given the company's history, I doubt that many people are holding their breath.
