Twitter Account of Activist and Journalist Hacked to Spread Fake News
As per the report from Access Now, digital rights group, activists from the Venezuela to Bahrain were getting victimized to the devious latest account hack. The hack, known as "DoubleSwitch", starts with the simple account takeover; however it is followed by several name changes designed for hiding the tracks of the attacker and bewilder followers.
After having taking over the given twitter account (let's say @russellbrandom), attackers of DoubleSwitch will move existing account to a new screenname (let's say, @fake _russell) and then create a new account in the original screenname by frequently using same display name as well as profile photo. When the target tries to recover its account, they will go to original screenname that is now registered with the email of hacker. Moreover, they don't have any easy way of finding their original account, which is currently bearing original recovery emails as well as followers under a changed name.
Fortune.com posted on June 9th, 2017, stating that the hackers had used the accounts for distributing false news, something which has been specifically problematic in Venezuela due to political unrest in the country including a govt. crackdown, which involves censorship and surveillance.
The politician/activist and journalist both contacted the digital help-line Access Now that is operating in several countries, and asked for support to get back their accounts. Twitter didn't respond to a comment request, while the Facebook says that it recognized risk of the bad actors using the social media for spreading the misinformation. A spokesperson of Facebook told The Verge that they are taking several steps to help reduce these risks, like building combination of manual and automated systems for blocking the accounts that are used for the fraudulent purposes. He further added that "we continue to encourage people to use two-factor authentication."
In few cases, the requirement of secrecy actually pushes the targets away from the two-factor verification. Twitter needs a phone number for enabling two-factor, which increases real worries for the activists publishing under aliases, who might be target of govt. reprisals. Bedoya says that, "they don't want to give a phone number that identifies them. That's preventing a lot of at-risk users from using two-factor."
» SPAMfighter News - 6/13/2017
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!