Even with considerable security precautions in place, Twitter CEO Jack Dorsey became the victim of an embarrassing compromise when attackers took control of his account on the platform by hijacking his telephone number.
Dorsey became the latest target of so-called “SIM swap” fraud, which enables a fraudster to trick a mobile carrier into transferring a number — potentially causing people to lose control not only of social media, but bank accounts and other sensitive information.
This type of attack exploits a weakness in "two-factor authentication" that relies on a text message to validate access to an account: one-time codes and password-reset links sent by SMS go to whoever controls the phone number, so a fraudster who has the number transferred receives them instead of the legitimate owner. The technique has become a popular break-in method in the past few years.
Twitter on Friday last week said that the account was restored after a brief time in which the attackers posted a series of offensive tweets.
However, Ori Eisen, founder of Arizona-based security firm Trusona, which specializes in authentication without passwords, said that the rapid fix should not be seen as an answer to the broader problem of SIM swap fraud.
“The problem is not over,” Eisen said, adding that these kinds of attacks have been used to take over other high-profile social media accounts and for various kinds of fraud schemes.
It was not clear how many people are attacked in this manner, Eisen said, adding that automated technology could generate billions of calls that lure people into giving up information or passwords.
Some analysts have said that hackers have found ways to easily get enough information to get a telecom to transfer a number to a fraudster’s account, especially after hacks of large databases that result in personal data sold on the so-called “dark Web.”
“Mobile accounts’ text messages can be hijacked by sophisticated hardware techniques, but also by so-called ‘social engineering’ — convincing a mobile provider to migrate your account to another, unauthorized phone,” said R. David Edelman, a former White House adviser who heads a cybersecurity research center at the Massachusetts Institute of Technology. “It only takes a few minutes of confusion to make mischief like Dorsey experienced.”
Thousands of these attacks have been reported in countries where mobile payments are common, including in Brazil, Mozambique, India and Spain.
Researchers at security firm Kaspersky have said that security systems by many mobile operators “are weak and leave customers open to SIM swap attacks,” especially if the attackers are able to gather information such as birth dates.
In a blog post, Kaspersky researchers Fabio Assolini and Andre Tenreiro said that some cases come from cybercriminals paying off corrupt employees of mobile carriers — for as little as US$10 to US$15 per victim.
“The interest in such attacks is so great among cybercriminals that some of them decided to sell it as a service to others,” they wrote.
In Brazil, some criminals have taken over victims' WhatsApp accounts and used them to ask the victims' friends for an "urgent payment," they added.