It’s that time of the year again. Christmas is around the corner and almost everyone is planning a vacation to recharge their batteries. But there’s a group of hackers who appear to be in a very different state of mind.
They’re in no mood for a winter break and instead have taken it upon themselves to hack the accounts of India’s who’s who. Over the past couple of weeks, they have hacked Twitter accounts of Congress Vice-President Rahul Gandhi, beleaguered liquor baron Vijay Mallya and now even senior journalists like Barkha Dutt and Ravish Kumar.
They go by the name “Legion”. Not only have they hacked the Twitter accounts of India’s high profile personalities, but they’ve also released personal account details, passwords and contact numbers associated with the hacked accounts.
How Safe Is Twitter?
Twitter per se is as safe as it gets. It’s important to remember that only these high-profile accounts, and not Twitter as a platform, were hacked. The hackers seem to have gained access to information associated with individual accounts.
Sahir Hidayatullah, chief executive officer at Smokescreen Technologies and an ethical hacker says, “Social engineering and phishing is the number one attack vector for targeted threats. As the saying goes, ‘there’s no patch for human stupidity’. An attacker can persistently attempt multiple phishing campaigns and only needs to get lucky once, while you need to avoid falling victim 24/7/365.”
So it’s not just your personal Twitter account that you need to be careful with. It’s what you’re doing with each click on the internet. The real question you need to ask yourself is – are you going to be the victim of the next big phishing scam online?
Hidayatullah adds, “Even seasoned security professionals can fall victim to a well crafted social engineering campaign, as it is designed to exploit our real-world trust relationships and personal biases.”
What Are You Doing Wrong?
Nothing. And everything. There are several hygiene steps that one can take to attempt to protect themselves from such a hack, but nothing is entirely foolproof.
It may sound clichéd when social networks and websites ask users to choose robust passwords and steer clear of generic ones like “123456”, “qwerty” or “password”.
However, if one were to go by the data set of 3,28,88,300 records on LeakedSource, a data aggregator of over 180 crore leaked records, then some of the most popular Twitter passwords amongst users are precisely those three.
According to LeakedSource, Twitter credentials are being traded in the tens of millions on the dark web, the encrypted portion of the internet which serves as a marketplace for drugs, weapons, bitcoins and practically anything contraband.
Twitter itself lists a number of measures you should adopt to help keep your account secure. Apart from using strong and unique passwords, it also recommends that you don’t give out account information to third parties, use updated browsers and computer software and ensure that you’re actually on twitter.com before entering your login information.
The social network also recommends using login verification, which is like an extra layer of security for your Twitter account.
This is just like the one-time password authentication that we use for online card transactions in India. Along with the password, you are also sent a code via SMS on your registered mobile number.
But this can be cumbersome if you tend to log in several times a day. Hidayatullah points out, “Two-factor authentication significantly raises the bar for attacks that use social engineering or leaked shared passwords; however, it’s not foolproof. If the ‘second factor’ OTP is transmitted to your phone, it’s only as secure as your phone is. There have been multiple cases where attackers have been able to have duplicate SIM cards issued in order to intercept the SMS-based OTP.”
If you’re still wary and want to make it even more difficult for a hacker, then your best bet might be a password manager like 1Password or LastPass. These ensure that every site you sign up for has a unique, randomly generated password.
So, just in case one of your passwords gets compromised, the damage is limited to only that account. Also, it might help to not store all your account information in one location such as an email or a notes app.
Better Safe Than Sorry
One thing is certain – there’s no panacea for cyber attacks. Usually, hackers are one step ahead of the most innovative security solutions.
As the saying goes, “prevention is better than cure.” Although there’s no sure-shot way of preventing sickness or disease, there are always things one can do to stay fit and healthy. The same holds true for cybersecurity.
Twitter Hygiene: Checklist
- Pick a robust and unique password. Avoid obvious personal details
- Keep changing your password periodically
- Don’t publish your password information in any file/email. Use a secure password manager instead
- Switch to login verification wherever possible, and make sure you always have your cell phone on you
- Don’t get phished. Be wise with what you end up clicking on
- Remember to log out from your account once you’re done using it, especially if you’re using an office computer
- If you’re not well versed with using a VPN (Virtual Private Network) or find it too cumbersome, use private browsing sessions or go incognito. If you’re still lazy, then clear browser history and cookies regularly
Read more on BloombergQuint.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)