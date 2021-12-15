Text size:

New Delhi: Early on Sunday, a tweet sent by Prime Minister Narendra Modis’s Twitter account announced that India had officially adopted bitcoin as legal tender. The tweet, which comes as India seeks to ban private cryptocurrencies, was quickly deleted and the PM’s manager said the matter had been forwarded to Twitter.

The national cybersecurity agency Computer Emergency Response System (Cert-In) has also launched a large scale survey to find out how the hack took place.

According to Twitter, however, the PM’s account was not compromised due to a breach of the social platform system.

We have 24/7 lines of communication with the PM’s office and our teams took the necessary steps to secure the compromised account as soon as we became aware of this activity, ”said a spokesperson for Twitter to ThePrint by email. “Our investigation revealed that there are no signs of other affected accounts at this time.”

In particular, Twitter took responsibility last year when several high profile accounts were compromised in a crypto scam.

While government officials also don’t rule out a Twitter security breach in this case, ThePrint spoke to experts who pointed out that the PM’s account could have been compromised for more prosaic reasons, including a lack of two-factor authentication. Twitter guidelines, meanwhile, say the reasons for these cases could range from malware or a virus to sharing the username / password with a malicious third-party website.

If it’s not a Twitter security hole, then what?

According to Debayan Gupta, assistant professor of computer science at Ashoka University, Sonepat, it is unlikely that the PM Modis account would have been compromised if two-factor authentication had been enabled.

He also told ThePrint that ideally for such a large account an air gap device should be used, meaning the device should only be used for Twitter and not for browsing other sites. , as this would make it more difficult to compromise the account. .

Twitter too Explain that the accounts may be compromised by a malicious third-party app or website with which you have shared the username and password. It further warns that you should be especially careful when sharing information with third parties that promise to get you followers, make money or verify you.

The microblogging site adds that compromises can also occur due to malware and viruses on the device, or a weak, easy-to-identify password.

Twitter recommendedset a strong password that is not used anywhere else and enable two-factor authentication so that the connection requires, in addition to a password, another factor such as a security code. Another effective option is security keys.

According to a transparency report Posted by Twitter in July this year, just 2.3% of active users said they used at least one two-factor authentication method between June and December 2020.

When did Twitter recognize

As of July 2020, the Twitter accounts of Jeff Bezos, Bill Gates, Joe Biden, Elon Musk and Barack Obama were all compromise and sent out tweets asking subscribers to send them bitcoin to get double the returns.

In this case, Twitter recognized that the hackers targeted a few employees by calling them and tricking them into sharing their usernames and passwords.

A successful attack forced attackers to access both our internal network as well as specific employee credentials that gave them access to our internal support tools, Twitter said of the hacking incident, in which 130 accounts in total were targeted, ultimately tweeting from 45, accessing DM inbox from 36 and downloading Twitter data from 7 ″.

Prayukth KV, chief marketing officer of Sectrio, the cybersecurity division of Bengaluru-based telecommunications analytics firm Subex, told ThePrint that the compromised PM’s account is similar to the 2020 incident.

Hackers send a message to the government that a) we will hit you at will and b) you cannot stop cryptocurrencies through legislation … It is a way for hackers to educate people about bitcoin, then use the hype to rip people off, Prayukth says.

However, Twitter, as mentioned earlier, argued that in the Modi case, the breach was not due to a breach of its systems.

When briefed on this, a senior government official said it was too early to rule out a security breach at the end of Twitter.

This is similar to how some other high value accounts have been compromised in the past. Previously, hackers had accessed the accounts of Donald Trump, Elon Musk, Jack Dorsey and Jeff Bezos. The @narendramodi_in handle was similarly compromised last year, ”the official said on condition of anonymity.

“The hack is being investigated to determine the possible location from which the attacks originated and to identify factors that may have caused the breach of Twitter’s servers, compromising the Prime Minister’s account,” the official added. .

What happened?

In the early hours of December 12, the account of India’s most followed Twitter user and the world’s most followed head of state tweeted: India has officially adopted bitcoin as legal tender.

About an hour after sending the fake tweet, the Prime Minister’s Office tweeted: PM’s Twitter handle @narendramodi was very briefly compromised. The matter was reported to Twitter and the account was immediately secured. During the brief period that the account has been compromised, any tweeted shared should be ignored.

(Edited by Asavari Singh)

