Social media networks are no dubiousness a quick together with powerful way to percentage information together with ideas, but non everything shared on Facebook or Twitter is true.
Misinformation, or "Fake News," has emerged every bit a principal number for social media platforms, seeking to influence millions of people alongside incorrect propaganda together with falsehoods.
In past times years, nosotros involve keep seen how political parties together with other groups involve keep used spoofed social media profiles of influencers or leaders to spread misinformation, together with most of the fourth dimension such techniques piece of job to successfully convince people into believing that the information is true.
Although social media services similar Facebook, Twitter, together with Google, offers concern human relationship verification (verified accounts alongside bluish tick) for populace figures, nosotros involve keep seen hackers hijacking verified accounts to spread simulated word from legitimate concern human relationship to their millions of followers.
Now, researchers involve keep uncovered a new, cunning laid on technique currently beingness used past times hackers to accept over verified Twitter accounts together with rename them to influential people inward guild to spread simulated news.
Dubbed DoubleSwitch, the laid on begins alongside a uncomplicated concern human relationship takeover, but together with then the hackers alter the username together with display lift alongside the i having a large influence on social media.
According to a new report from digital rights grouping Access Now, hackers are targeting Twitter accounts of journalists, activists, together with human rights defenders inward Venezuela, Bahrain, together with Myanmar, about of them were verified alongside a large number of followers.
This laid on was discovered when 2 journalists — Milagros Socorro together with Miguel Pizarro, a fellow member of Venezuela's parliament — were hacked together with and then renamed.
What's creepy? The hacker together with then registered a novel account, resembling alongside their master profiles, nether the master usernames (Twitter handles), but using the attacker's controlled electronic mail addresses.
This means, every fourth dimension victims examine to recover their accounts using regular password reset option, the confirmation emails volition travel sent to the hijacker, who pretends that the number has been resolved, making it almost impossible for the victims to recover their account.
Hackers together with then travel hijacked verified accounts, but renamed to about other influence, to feed simulated word to the millions of followers of the master accounts.
While it's unclear how the hackers managed to hijack the verified users at the commencement place, it is believed that the laid on begins alongside malware or phishing attacks.
To illustrate how effective DoubleSwitch technique is, nosotros involve keep prepared an representative below:
Let's say, a hacker somehow managed to hijack The Hacker News’ Twitter account (@thehackersnews), which is verified alongside 368,000 followers, where most of the are influencers inward Infosec community.
And together with then the "DoubleSwitch" begins.
The First Switch: Once hacked, the hacker commencement changes the password together with associated electronic mail id, along alongside the username, let's tell @tim__cook, spoofing the Apple's CEO who is on Twitter alongside @tim_cook (single underscore).
Now, the hacker holds a verified concern human relationship alongside the lift of Apple CEO Tim Cook together with tin feed misinformation to nearly 370,000 influential followers from the tech industry, together with many of them volition believe without realising the concern human relationship is hijacked together with the tweets from it are fake.
The Second Switch: The hacker creates a novel Twitter concern human relationship alongside the master username @thehackersnews, which volition travel available, every bit i time a Twitter concern human relationship is deactivated, the handgrip for that concern human relationship is freed for others to use.
But hear it, this novel Twitter concern human relationship registered alongside our Twitter handgrip (@thehackersnews) volition non travel verified alongside zip followers.
In guild to croak our concern human relationship back, if nosotros travel password reset option, Twitter volition ship the confirmation electronic mail entirely to the attacker' electronic mail id that he used to register the novel account.
So whatsoever endeavor past times the victim to find access to its concern human relationship fails, every bit the aggressor tin but notify Twitter that the number has been resolved, locking out the legitimate concern human relationship holder.
Fortunately, Twitter likewise offers an alternative way, an online form, to written report concern human relationship hacking incidents straight to the Twitter team, which together with then they review together with investigate the number accordingly to assistance victims recover their accounts.
Using this method, Access Now helped the journalists find access to their accounts, but past times the fourth dimension they regained access, about of the master concern human relationship holder’s tweets were deleted, together with the accounts were used to spread the simulated word virtually events inward Venezuela, confusing followers together with damaging their reputations inward the process.
Access Now says the laid on tin travel conducted over Facebook together with Instagram every bit well, but users tin protect themselves past times enabling two-factor authentication characteristic offered past times the services.
Two-factor authentication uses 2 unlike methods inward an endeavor to verify a user's identity — a password together with a one-time passcode (OTP) sent to the user's mobile telephone — which makes it much harder for hackers to compromise an concern human relationship inward the commencement place.
However, two-factor verification is non an actual solution for the journalists, activists together with human rights defenders inward countries similar Venezuela, every bit they practise non associate their personally-identifiable information similar telephone numbers alongside their online accounts inward fearfulness of getting spied on.
Misinformation, or "Fake News," has emerged every bit a principal number for social media platforms, seeking to influence millions of people alongside incorrect propaganda together with falsehoods.
In past times years, nosotros involve keep seen how political parties together with other groups involve keep used spoofed social media profiles of influencers or leaders to spread misinformation, together with most of the fourth dimension such techniques piece of job to successfully convince people into believing that the information is true.
Although social media services similar Facebook, Twitter, together with Google, offers concern human relationship verification (verified accounts alongside bluish tick) for populace figures, nosotros involve keep seen hackers hijacking verified accounts to spread simulated word from legitimate concern human relationship to their millions of followers.
Now, researchers involve keep uncovered a new, cunning laid on technique currently beingness used past times hackers to accept over verified Twitter accounts together with rename them to influential people inward guild to spread simulated news.
Dubbed DoubleSwitch, the laid on begins alongside a uncomplicated concern human relationship takeover, but together with then the hackers alter the username together with display lift alongside the i having a large influence on social media.
According to a new report from digital rights grouping Access Now, hackers are targeting Twitter accounts of journalists, activists, together with human rights defenders inward Venezuela, Bahrain, together with Myanmar, about of them were verified alongside a large number of followers.
This laid on was discovered when 2 journalists — Milagros Socorro together with Miguel Pizarro, a fellow member of Venezuela's parliament — were hacked together with and then renamed.
What's creepy? The hacker together with then registered a novel account, resembling alongside their master profiles, nether the master usernames (Twitter handles), but using the attacker's controlled electronic mail addresses.
This means, every fourth dimension victims examine to recover their accounts using regular password reset option, the confirmation emails volition travel sent to the hijacker, who pretends that the number has been resolved, making it almost impossible for the victims to recover their account.
Hackers together with then travel hijacked verified accounts, but renamed to about other influence, to feed simulated word to the millions of followers of the master accounts.
While it's unclear how the hackers managed to hijack the verified users at the commencement place, it is believed that the laid on begins alongside malware or phishing attacks.
How DoubleSwitch Attack Works (Illustrated Example)
To illustrate how effective DoubleSwitch technique is, nosotros involve keep prepared an representative below:
Let's say, a hacker somehow managed to hijack The Hacker News’ Twitter account (@thehackersnews), which is verified alongside 368,000 followers, where most of the are influencers inward Infosec community.
Original @thehackersnews Twitter Account |
Original Tim Cook Twitter Profile |
Hijacked @thehackersnews Account (Impersonates Tim Cook) |
The Second Switch: The hacker creates a novel Twitter concern human relationship alongside the master username @thehackersnews, which volition travel available, every bit i time a Twitter concern human relationship is deactivated, the handgrip for that concern human relationship is freed for others to use.
But hear it, this novel Twitter concern human relationship registered alongside our Twitter handgrip (@thehackersnews) volition non travel verified alongside zip followers.
Locking the Legitimate Account Owner Out of its Account
In guild to croak our concern human relationship back, if nosotros travel password reset option, Twitter volition ship the confirmation electronic mail entirely to the attacker' electronic mail id that he used to register the novel account.
So whatsoever endeavor past times the victim to find access to its concern human relationship fails, every bit the aggressor tin but notify Twitter that the number has been resolved, locking out the legitimate concern human relationship holder.
Fortunately, Twitter likewise offers an alternative way, an online form, to written report concern human relationship hacking incidents straight to the Twitter team, which together with then they review together with investigate the number accordingly to assistance victims recover their accounts.
Using this method, Access Now helped the journalists find access to their accounts, but past times the fourth dimension they regained access, about of the master concern human relationship holder’s tweets were deleted, together with the accounts were used to spread the simulated word virtually events inward Venezuela, confusing followers together with damaging their reputations inward the process.
Access Now says the laid on tin travel conducted over Facebook together with Instagram every bit well, but users tin protect themselves past times enabling two-factor authentication characteristic offered past times the services.
Two-factor authentication uses 2 unlike methods inward an endeavor to verify a user's identity — a password together with a one-time passcode (OTP) sent to the user's mobile telephone — which makes it much harder for hackers to compromise an concern human relationship inward the commencement place.
However, two-factor verification is non an actual solution for the journalists, activists together with human rights defenders inward countries similar Venezuela, every bit they practise non associate their personally-identifiable information similar telephone numbers alongside their online accounts inward fearfulness of getting spied on.
Share This :
comment 0 Comments
more_vert