Hackers caught cloning activist Twitter accounts to spread fake news

It's a chilling new attack method, which causes confusion and leaves victims completely helpless

Aatif Sulleyman
Friday 09 June 2017 18:23 BST
Journalists, activists and human rights defenders have been targeted

Hackers are using a cunning new attack method to neutralise activists’ Twitter accounts.

It involves the hacker taking over an account, cloning it and completely changing the original.

What’s more, thanks to their knowledge of how Twitter’s account recovery and recycling processes work, the hackers are managing to lock the victims out of their accounts and keep them out.

The attack has been dubbed the ‘Doubleswitch’, and it was first reported by digital rights group Access Now.

It says hackers have targeted the accounts of journalists, activists and human rights defenders in Venezuela, Bahrain and Myanmar, some of which were verified and “had a large following”.

After hacking them, Access Now says the attackers “updated the account information by changing the password and the associated email address, locking out the legitimate user.”

They then changed the accounts’ usernames and, crucially, took advantage of an option that enables Twitter to recycle unwanted usernames.

“After changing the credentials of the accounts, the hijackers registered Twitter accounts using the original usernames, which were now freely available, and connected the accounts to a new email address,” says the group.

“When these victims attempted to recover their accounts, Twitter’s confirmation emails went to the hijackers, who pretended that the issue had been resolved. The hijackers then proceeded to delete one of the original accounts, making it even harder for the victim to recover it.”

Journalist Milagros Socorro and Miguel Pizarro, a member of Venezuela’s parliament, were both hacked using this method.

With help from Twitter, their accounts were eventually recovered, but not before the hackers had started spreading fake news through them and deleting past tweets, confusing followers and damaging their reputations in the process.

Access Now says Doubleswitch attacks can also be carried out on Facebook and Instagram, but says users can protect themselves by enabling multi-factor authentication.
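The username swap described above can be spotted from the outside by a monitor that pins each trusted handle to the account's permanent ID rather than to the username. The sketch below is an added example, not code from Access Now or Twitter. It assumes the platform exposes an ID that survives a username change (Twitter's numeric user ID does), and the `classify` helper, handles and IDs are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    handle: str      # username currently shown on the profile
    account_id: str  # permanent platform ID (assumed stable across renames)

def normalize(handle: str) -> str:
    # Handles are compared case-insensitively and without the leading "@".
    return handle.lstrip("@").lower()

def classify(pinned: dict, observations: list) -> dict:
    """Compare trusted handle -> ID pins with what each handle resolves to now."""
    by_handle = {normalize(o.handle): o.account_id for o in observations}
    by_id = {o.account_id: normalize(o.handle) for o in observations}
    verdicts = {}
    for handle, trusted_id in pinned.items():
        h = normalize(handle)
        current_id = by_handle.get(h)     # who owns the handle today
        moved_to = by_id.get(trusted_id)  # where the trusted account is today
        if current_id == trusted_id:
            verdicts[h] = "ok"
        elif current_id is None:
            # Handle is unclaimed: a plain rename, or the first half of the
            # switch, since anyone can now register the freed username.
            verdicts[h] = "renamed" if moved_to else "missing"
        elif moved_to:
            verdicts[h] = "clone_original_renamed"
        else:
            verdicts[h] = "clone_original_deleted"
    return verdicts

# Constructed sample data: handles and IDs are made up for this example.
PINNED = {"@example_reporter": "1001", "@example_mp": "1002",
          "@example_ngo": "1003", "@example_editor": "1004"}
OBSERVED = [
    Observation("Example_Reporter", "1001"),    # unchanged apart from letter case
    Observation("example_mp", "9001"),          # handle now owned by a new ID
    Observation("xk3_tmp", "1002"),             # trusted account was renamed
    Observation("example_ngo", "9002"),         # new ID, trusted ID not found
    Observation("example_editor_new", "1004"),  # renamed, old handle unclaimed
]

if __name__ == "__main__":
    for handle, verdict in classify(PINNED, OBSERVED).items():
        print(f"@{handle}: {verdict}")
```

Either `clone_` verdict means the handle followers recognise now belongs to a different account, which is the point at which recovery emails start reaching the hijacker instead of the victim.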
