Twitter CEO Jack Dorsey's Account Has Been Hacked
By duplicating the number used by him to connect to his Twitter account, hackers were able to post Tweets on his account as easily as sending an SMS.
Cyber security is a starkly eminent concern in todays world as it seems not even the social media elite are safe. Twitter CEO and co-founder, Jock Dorsey’s account was taken over by hackers on Friday
We're aware that @jack was compromised and investigating what happened.— Twitter Comms (@TwitterComms) August 30, 2019
The profile, which has over 4 million followers, went into a tweet-storm for about 15 minutes, sending out some extremely offensive remarks. A hacker’s group called The Chuckling Squad has claimed responsibility - and notoriety - for the attack.
The offensive tweets from the iconic @jack handle focussed on using racial slurs and making anti-semitic comments, particularly centred around the Holocaust, with retweets supporting Nazi Germany. One tweet even suggested that there was a bomb at Twitter’s headquarters. They were posted around 2000 GMT. Some of them featured the hashtag, #ChucklingSquad, which is the same calling card left behind by the group in previous hacking jobs.
The tweets remained on the site for about half an hour before they were deleted.
The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.— Twitter Comms (@TwitterComms) August 31, 2019
Concerns were raised about how secure Twitter can claim to be when even its maker can get hacked, but sources at the company told the BBC that the security breach could be traced to the mobile operator used by Jack Dorsey.
They ensured users, through a statement posted on the site, that there was “no indication that Twitter’s systems have been compromised”.
Using a technique called “sim jacking”, it seems that the hackers transferred Dorsey’s number to a new SIM card, and then used phone credentials to post Tweets from his number directly via text message.
Tweeting by text message is possible in two ways - one by a direct SMS sent to a particular number, which is a service the site still offers considering users who need to communicate in low connectivity areas.
The second is through a third party app called Cloudhopper. Cloudhopper is a company that was previously acquired by Twitter, to help post Tweets from the phone number associated to your account. It leaves a signature on Tweets, citing the source of the Tweet as “Cloudhopper”. This seems to be the way The Chuckling Squad hacked Dorsey’s accounts.
.@Jack’s account has been hacked.— Sam (@Hooray) August 30, 2019
The Tweets are coming from a source called Cloudhopper. Cloudhopper was the name of the company Twitter acquired a long time ago to help bolster their SMS service.
Looks like the hackers are Tweeting via the old SMS service... pic.twitter.com/YcU3DTn9wS
By duplicating the number used by him to connect to his Twitter account, they were able to post Tweets on his account as easily as sending an SMS.
This is not the first high profile attack by The Chuckling Squad. This is only the most recent in a spate of Twitter hackings attributed to the group, including accounts that belonged to now deceased celebrities like Youtube star Desmond Amofah, known on Twitter as @Etika.
The biggest cause for concern on Twitter in particular is the fact that so many world leaders use it as a platform for information dissemination and communication. This rather ironic attack came in the context of Dorsey and Twitter launching an overhaul on the site to “aggressively clean up offensive and inappropriate content”, as a part of an initiative to focus on cyber safety.