Twitter Provides New Detail on Recent Celebrity Account Hack

Twitter has today provided another update on the extent of the recent hack which saw the profiles of several high profile users, including Barack Obama, Joe Biden and more, taken over and used to promote a cryptocurrency scam. 

Already, Twitter had confirmed that 130 accounts, in total, had been targeted in the incident, and that the attackers had been able to gain full access to 45 of those. Further than that, for up to eight of the hacked accounts, the attackers also took the additional step of downloading historical and personal information through the “Your Twitter Data” tool, while some had also gone through the accounts’ DMs.

Twitter says that it’s limited in the information it can provide on the full extent of the incident, due to ongoing law enforcement action, but it’s provided these additional insights into what occurred:

“The attack on July 15th, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities in order to gain access to our internal systems.”

The process of phone spear phishing is essentially convincing the person you’re calling that you’re from an organization/department that requires their details – be that a government agency, an IT support line, etc. The caller then obtains what they can, and slowly pieces together the information, normally through a range of calls with different employees, in order to gain access info. 

Twitter provides further context on this process in its updated blog post on the event:

Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools. 

So it’s a slow, deliberate process of gaining information bit by bit, which gradually leads the hackers through to the access they need. Along the way, their phone calls also become more convincing, as they learn the names of other employees and the details of how the systems work.

“By obtaining employee credentials, they were able to target specific employees who had access to our account support tools. They then targeted 130 Twitter accounts – Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7. While these tools, controls, and processes are constantly being updated and improved, we are taking a hard look at how we can make them even more sophisticated.”

So the scope of the attack hasn’t changed, though Twitter did initially say that the attackers had downloaded the account data of eight accounts, a figure which is now down to seven. That doesn’t necessarily lessen the impact, but it’s a slightly better outcome than first thought.

In response to the event, Twitter says that:

“We’ve significantly limited access to our internal tools and systems [and] we’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.”

Twitter also notes that it has limited access to some internal tools for the time being, which may result in slower than normal response times for some support operations.

“This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously, and everyone at Twitter is committed to keeping your information safe. We’ll continue to share updates and precautionary steps we take so that others can learn from this, too. We recognize the trust you place in us, and are committing to earning it by continued open, honest and timely updates anytime an incident like this happens.”

The explanation, again, largely aligns with the New York Times report on the incident, in which the NYT claimed to have spoken with the hackers responsible, who’ve since gone into hiding.

According to the NYT report, a hacker going by the name of ‘Kirk’ was able to gain access to Twitter’s administration tools by first being added to Twitter’s internal Slack channel, where he gleaned details that enabled him to eventually access Twitter’s internal tools. Kirk stopped talking to NYT when the FBI announced their involvement in the case.

The hacker’s initial aim was to obtain desirable Twitter handles, then on-sell them within the gaming community. Which, reportedly, he did, with several profiles changing hands, before he then switched his attention to celebrity profiles. The explanation is not verifiable at this stage, but again, it seems to mostly line up with Twitter’s insights into the event.

In some ways, human vulnerabilities will always exist in any system, but subsequent reports have also suggested that Twitter was not overly cautious with its access permissions, and that thousands of staff and contractors would have theoretically been able to action such requests. We’re not likely to hear a lot more on that side of things till the full investigation is complete, but as Twitter notes, the incident serves as a reminder that platforms need to manage their security judiciously, especially when they have the scale and influence of the major social networks.

Socialmediatoday.com

Expert shares advice for keeping children safe online

The arrival of the mobile internet on the island in 2018 has revolutionized the way people express discontent and organize themselves in a one-party state known for its dislike of dissent – Copyright AFP Yasuyoshi CHIBA

Keeping all electronic devices in one room is a measure that can be taken in order to protect your child online. Children have more access to screen time than ever before, in particular, access to the Internet. Hence, Internet safety has become an increasingly worrying problem amongst parents.

Internet expert Allison Troutner from VPNOverview.com tells Digital Journal about the best ways to keep your child safe online.

Consider a family ‘tech agreement’

Troutner advises: “One way to set ground rules with your child is to create a Family Tech Agreement. A family tech agreement answers as many questions as possible about internet and device use so boundaries are clear to all family members. It’s a good way for the whole family to talk about safe and responsible online behaviours.”

To create a family agreement, discuss topics like:

• What apps, games, or sites does the family use most?
• What rules do we want to include in our agreement?
• How long should we spend on our devices?
• What information is safe to share (or not)?
• What do we do if we see something inappropriate?
• What email address do we use to sign up for accounts?
• Do we know how to use in-app safety features like blocking and reporting?
• Who can we talk to if we feel uncomfortable with something online?
• Who is safe to talk to?
• What happens when someone breaks the agreement?
• When might parents be forced to break the agreement for safety?

Troutner advises: “This is a starting point: your family may discuss more topics on Internet safety for kids depending on the ages of your child or teens and what devices you use.”

Report any harmful content that you see

Troutner recommends: “Flag or report all harmful content or contact you or your child experiences using social media apps using in-app reporting features. For cybercrimes, cyberbullying, or harmful content, use in-app features like Twitter’s safe mode to report it. Most social media companies have their own safety and privacy policies and will investigate and block content or users. Apps geared towards kids, like Facebook Messenger Kids, have clear guidelines and safety features so that users can block content or contacts and have a safer experience in the app.”

Balance safety with independence

Troutner cautions: “Technical controls can be a useful way to protect your children online but they can’t solve all your problems. Children need a certain amount of freedom and privacy to develop healthily. They need their own free space to learn by trial and error what works and what doesn’t. So keep balancing, it’s part of it. Having open and honest conversations with your children can be the best way to balance this safety.”

Keep the computer in a common space

Troutner states: “If possible, keep computers and devices in a common space so you can keep an eye on activity. It prevents children from doing things that might be risky. Also, if harmful or inappropriate content appears through messages, you can address it with your child straight away.”

Password-protect all accounts and devices

According to Troutner: “From phones to computers to apps, put a password on it. That way, no one without the password can access you or your child’s device. Keep track of passwords by using a password manager.”

Update your operating systems regularly

As a protective measure, Troutner advises: “All of your devices from mobile phones or tablets to computers and smartwatches receive important updates in response to security issues on a regular basis. Be sure to install them regularly so you have the most up-to-date security fixes and remain safe online. Our recommendation is to set updates to install automatically so your device is less vulnerable to known attacks. Usually, you can find this feature in Settings, then select Automatic Updates, but it varies between devices.”

Install security or antivirus software programs and a VPN on your computer

Troutner puts forward: “Additionally, cybersecurity or antivirus software programs prevent spyware or viruses that may harm your computer if your child visits a malicious site. Using these programs, parents can also set up regular virus checks and deep system scans to make sure there is no harmful activity happening under your nose.”

He adds: “A VPN hides users’ internet activity from snoops and spoofs your location. This protects your kids by making sure hackers or predators can’t detect their actual location. You can install a VPN on your router so that the location is spoofed on all connected devices.”

Set parental controls

Troutner states: “It may seem obvious, but parental controls are crucial to your child’s safety online. Parent controls are built-in features included on devices and apps. With these features, parents customise their child’s online experience. What parental controls are available on each device or app varies, but in general, they limit screen time, restrict content, and enhance user privacy.”

Features of parental controls include:

• Limit screen time.
• Turn off in-app purchasing.
• Prevent inappropriate or mature content.
• Limit website access.
• Play, message, or send/receive content with approved contacts only.
• Monitor device location through GPS.

Troutner concludes, emphasising: “Take time to look at what parental controls are available on your child’s commonly used apps. Then, set them to reflect the type of experience you think is best for your child or teen’s online safety.”
