DoubleSwitch Twitter Hack: New Attack Targets Activists On Twitter
A new attack is targeting activists around the world with an active presence on social media platforms—Twitter, in particular—and is being used to hijack accounts and spread fake information.
The so-called “DoubleSwitch” attack, which compromises trusted accounts and locks the account owner out indefinitely, was identified by digital rights group Access Now and has affected activists operating in countries like Bahrain, Myanmar and Venezuela.
Read: Turkish Hackers Compromise Hundreds Of Twitter Accounts, Target 'Nazi Holland'
The DoubleSwitch campaign begins like a standard attack designed to compromise a user’s account—and it is no secret that active accounts with large followings are often in the crosshairs of these types of attacks.
Once the attackers have successfully hijacked a victim’s account, they immediately update the account information by changing the password and the associated email address linked to the account. Doing so effectively locks the user out of the account.
Once the login information has been changed, the hijackers change the handle on the original account, which allows them to re-register the handle with new credentials. With the original handle now linked to accounts that the victim has no association with, it becomes next to impossible to recover because the original account has a new name and the name associated with the original account is now a dummy account.
With full access to not only the account itself but the network of followers, the attackers are able to use the influence of the victim to spread misinformation to people who trust and rely the account.
The method of attack has been more prevalent on Twitter thus far, though there’s little reason to believe it couldn’t be replicated on other platforms. Access Now reported receiving requests for help in recovering accounts from Venezuelan journalist Milagros Socorro and human rights activist and member of Venezuela parliament Miguel Pizarro.
In the reported cases, there is no clear indicator in what led to the accounts being compromised in the first place, but it is believed the attackers use standard phishing methods to trick the user into giving up their credentials. Those who don’t use two-factor authentication to protect their account are especially vulnerable to these types of attacks.
In addition to enabling two-factor authentication, which can be found in the Settings and Privacy menu on Twitter under the Security header, Access Now has also called on Twitter and other social networking sites to develop features and rules to counteract attacks like DoubleSwitch. Twitter, for instance, has added the option to require a user provide personal information to verify any password change.
Twitter also allows users to set up verification methods that use app-based authenticators like Authy or Google Authenticator. These services operate similarly to standard two-factor authentication, which requires the user enter a code sent to an associated device, but allows the user to get the code without exposing their phone number.
© Copyright IBTimes 2024. All rights reserved.