There’s no denying that social media plays a big role in our lives today. From Facebook to Instagram to Twitter, these social media apps have become a major influence on our daily lives. Social media applications have over a billion subscribers worldwide, including celebrities, organisations, governments and world leaders alike.
While social media has provided a free platform for personal and professional expression, the increased connectivity has also brought serious security concerns with it. Hacks on popular social media accounts are widespread and common. While most social media applications have created various authentication methods for account access and usage, hacks continue to occur.
The most recent high-profile case was the hack on the Twitter account of the CEO and co-founder of Twitter himself, Jack Dorsey, who had his own account on the service briefly taken over by hackers. A group referring to itself as the Chuckling Squad claimed responsibility for the breach.
Jack’s account has more than four million followers. It tweeted out a flurry of highly offensive and racist remarks for about 15 minutes. Twitter released a statement saying its own systems were not compromised, instead blaming an unnamed mobile operator.
"The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorised person to compose and send tweets via text message from the phone number. That issue is now resolved."
It was later revealed that hackers had used a technique known as "SIM swapping" to control Jack’s account. A SIM swap attack is when threat actors are able to transfer and activate a person’s existing phone number onto a new SIM card that they possess, either by tricking staff at a mobile provider through social engineering methods or by bribing them. This gives the threat actors access to the victim’s account credentials on various platforms, including social media services that rely on phone-based two-factor authentication.
In Jack’s case, once the hackers took control of his number, they were able to post tweets via text message directly on to Jack’s Twitter account.
Following this, Twitter released another statement saying it had disabled its text-to-tweet service.
So the question now is, could such an infringement be avoided? While cybersecurity concerns are usually thought of as software-based, this method of “SIM swapping” is clearly a concern as well.
Telco companies need to take the right steps to ensure customer information is not easily accessible and their SIMs are not easily compromised. If the account of Twitter’s CEO could be hacked, it isn’t hard to imagine the amount of damage that could occur if another ‘Chuckling Squad’ took over the account of a world leader.
While putting the brakes on social media use and digital innovation is not a feasible option, rampant hacking episodes call for heightened cybersecurity measures.
Until a less inconvenient procedure comes along that spares us multi-layer secure authentication to access our accounts, that is, unfortunately, what needs to be practised to ensure you are doing your best to secure your accounts.
Of course, there isn’t much you can do if someone decides to pay off personnel in a telco company for your information or to port your number to a different SIM card. Preventing this is down to the security management of the telco itself. I for one would appreciate it if my telco would show that they take strict measures against any action that would jeopardise the integrity of their business and compromise customer data.
To put it simply, telco companies need to ensure that access to such data is not easily obtained and to keep strict surveillance over any sort of transaction involving customer data.