Twitter CEO Jack Dorsey’s Twitter Account Hack: Cybersecurity Expert Explains

The Twitter account of Twitter CEO Jack Dorsey, known by the Twitter handle @jack, was apparently hacked last Friday. The suspected method of the account takeover is a SIM swap, whereby an attacker intercepts SMS messages by changing the association of the SIM card number to a different device.

1 Expert Comment
Alexander García-Tobar, CEO and Co-founder
InfoSec Expert
September 2, 2019 11:48 am

This incident is a perfect example of the risks associated with communication – any form of communication – when sender identity is not authenticated. A hacker or hackers were able to take over or spoof Jack Dorsey’s phone number, probably by impersonating him in a call to his mobile service provider.

The spoofed tweets sent through Dorsey’s account are despicable and offensive, yet far greater damage can be done using similar techniques. We see this play out over and over again with email communication. A hacker leverages impersonation to send extremely convincing spear phishing emails to a company employee, and in no time, fake invoices are paid, consumers’ data exposed, wire transfers are made to fake companies – the list is endless.

To stop these attacks, we must focus on validating and authenticating sender identity, no matter the form of communication. With email, we can do this by taking steps like properly enforcing DMARC and implementing advanced anti-phishing solutions that confirm senders’ identities before allowing emails to enter employees’ inboxes.

Until we prioritize these initiatives as a society, we will continue to see attacks and an erosion of trust in our main forms of communication: phone, text, email, and social media.
