DoubleSwitch: Social networks are undoubtedly a fast and easy way to distribute information that is often not true as we've seen on Facebook and Twitter.
Misinformation or “Fake News”Has become a top issue for social media platforms, and is said to affect millions of users with propaganda news and irrelevant lies.
Although major social networks such as Facebook, Twitter and Google have verified accounts with a blue tick for public figures, we have seen that hackers στοχοποιούν τους συγκεκριμένους λογαριασμούς για να μεταδώσουν ψεύτικα στα εκατομμύρια followers τους.
Security researchers have discovered a new attack technique currently used by hackers to take control of verified Twitter accounts to spread fake news.
The attack is called DoubleSwitch, and begins with theft of a simple bill. Hackers then change their username to someone who has a great influence on social media.
According to a publication by the Access Now digital rights group, hackers are targeting Twitter accounts owned by journalists, activists and human rights defenders in Venezuela, Bahrain and Myanmar. Some of them are verified accounts and have too many followers.
This attack was discovered when two journalists' accounts (Milagros Socorro and Miguel Pizarro), members of the Venezuelan parliament, were lost and then renamed.
Ο hacker he then began posting under a new account name, which resembled his original profile, and original usernames, but using the email addresses controlled by the attacker.
This means that whenever the victims were trying to retrieve their accounts using the password reset option, the confirmation messages were sent to the hacker. This makes it almost impossible for the victims to recover their account.
At present, it is unclear how hackers are able to understand verified user accounts, but it is believed that the attack starts with malware or phishing attacks.
What do you do if you steal your account?
Twitter offers an alternative way to recover your account with an electronic form. You can use this to report hacking directly to the Twitter team. Social network technicians review and investigate the issue to help victims recover their bills.
Using this method, Access Now helped journalists recover their access to their accounts.
Access Now reports that the DoubleSwitch attack can be carried out on Facebook and Instagram, but users can be protected by allowing two factors to be identified by the services.
However, two-factor verification is not a solution for journalists, activists and human rights defenders in countries like Venezuela, as they do not want to link their personal information, such as their phone numbers, to their online accounts .
