•   
  •   
  •   

TechnologyTwitter CEO hack highlights dangers of 'SIM swap' fraud

16:40  04 september  2019
16:40  04 september  2019 Source:   msn.com

Salt-N-Pepa's longtime DJ Spinderella sues group for fraud

Salt-N-Pepa's longtime DJ Spinderella sues group for fraud The legendary group has been sued by it former DJ.

Even with considerable security precautions in place, Twitter chief executive Jack Dorsey became the victim of an embarrassing compromise when attackers took Dorsey became the latest target of so-called " SIM swap " fraud which enables a fraudster to trick a mobile carrier into transferring a number

Twitter said on August 30 that its CEO Jack Dorsey’s account was restored after a brief time in which the attackers posted a series of offensive tweets . Mr. Hall said some carriers are using artificial intelligence to separate the legitimate SIM card replacements from fraud , but that this has not been

Even with considerable security precautions in place, Twitter chief executive Jack Dorsey became the victim of an embarrassing compromise when attackers took control of his account on the platform by hijacking his phone number.

Twitter CEO hack highlights dangers of 'SIM swap' fraud© Prakash SINGH / AFP Twitter chief executive Jack Dorsey was the victim of "SIM swap fraud."

Dorsey became the latest target of so-called "SIM swap" fraud which enables a fraudster to trick a mobile carrier into transferring a number -- potentially causing people to lose control not only of social media, but bank accounts and other sensitive information.

This type of attack targets a weakness in "two factor authentication" via text message to validate access to an account, which has become a popular break-in method in recent years.

Seattle woman, 33, is arrested for huge Capital One hack after 'stealing data from more than ONE HUNDRED MILLION credit card customers and applicants in America and Canada'

Seattle woman, 33, is arrested for huge Capital One hack after 'stealing data from more than ONE HUNDRED MILLION credit card customers and applicants in America and Canada' Paige Thompson (above), 33, made her initial appearance in U.S. District Court in Seattle on Monday and was ordered detained pending a hearing on Aug. 1, the Justice Department said.

Twitter said Friday the account was restored after a brief time in which the attackers posted a series of offensive tweets . But Ori Eisen, founder of Arizona-based security firm Trusona, which specializes in authentication without passwords, said the rapid fix should not be seen as an answer to the broad

Dorsey is a victim of the ' SIM swap ' fraud which lets fraudsters trick a mobile carrier into transferring a number, potentially causing a big security hole. Switching phones, or fraud ? Some analysts say hackers have found ways to easily get enough information to get a telecom carrier to transfer a

Twitter said Friday the account was restored after a brief time in which the attackers posted a series of offensive tweets.

But Ori Eisen, founder of Arizona-based security firm Trusona, which specializes in authentication without passwords, said the rapid fix should not be seen as an answer to the broad problem of SIM swap fraud.

"The problem is not over," Eisen said, noting that these kinds of attacks have been used to take over other high-profile social media accounts and for various kinds of fraud schemes.

Eisen said it's not clear how many people are attacked in this manner but that automated technology can create billions of calls that lure people into giving up information or passwords.

- Switching phones, or fraud? -

YouTube Tweaked Algorithm to Appease FTC But Creators are Worried

YouTube Tweaked Algorithm to Appease FTC But Creators are Worried A software update that came in July, without explanation, was designed to promote “quality” children’s videos

Even with considerable security precautions in place, Twitter chief executive Jack Dorsey became the victim of an embarrassing compromise when attackers took control of his account on the platform by hijacking his phone number. Dorsey became the latest target of so-called " SIM swap " fraud which

This type of attack targets a weakness in "two factor authentication" via text message to validate access to an account, which has become a popular break-in method in recent years.

Some analysts say hackers have found ways to easily get enough information to get a telecom carrier to transfer a number to a fraudster's account, especially after hacks of large databases which result in personal data sold on the so-called "dark web."

"Mobile accounts' text messages can be hijacked by sophisticated hardware techniques, but also by so-called 'social engineering' -- convincing a mobile provider to migrate your account to another, unauthorized phone," said R. David Edelman, a former White House adviser who heads a cybersecurity research center at the Massachusetts Institute of Technology.

"It only takes a few minutes of confusion to make mischief like Dorsey experienced."

Thousands of these attacks have been reported in countries where mobile payments are common, including in Brazil, Mozambique, India and Spain.

Researchers at the security firm Kaspersky say security systems by many mobile operators "are weak and leave customers open to SIM swap attacks" especially if the attackers are able to gather information such as birth dates and other data.

Little League World Series 2019: Meet the 16 teams vying for title

Little League World Series 2019: Meet the 16 teams vying for title The Little League World Series begins Thursday, with 10-to-12-year-old All-Stars hailing from all over the U.S. and world vying for title.

Read also: Twitter CEO account hacked , offensive tweets posted. Switching phones, or fraud ? Some analysts say hackers have found ways to easily get Researchers at the security firm Kaspersky say security systems by many mobile operators "are weak and leave customers open to SIM swap

Twitter said Friday the account was restored after a brief time in which the attackers posted a series of offensive tweets . But Ori Eisen, founder of Arizona-based Researchers at the security firm Kaspersky say security systems by many mobile operators "are weak and leave customers open to SIM swap

In a recent blog post, Kaspersky researchers Fabio Assolini and Andre Tenreiro said some cases come from cybercriminals paying off corrupt employees of mobile carriers -- for as little as $10 to $15 per victim.

"The interest in such attacks is so great among cybercriminals that some of them decided to sell it as a service to others," the researchers wrote.

In Brazil, some criminals have taken over victims' WhatsApp accounts, using it to ask the person's friends for "urgent payment," Assolini and Tenreiro wrote.

- 'Ripe' for fraud -

"This is a pretty ripe avenue for fraud," said Joseph Hall, technologist at the Center for Democracy & Technology in Washington.

Hall said some carriers are using artificial intelligence to separate the legitimate SIM card replacements from fraud, but that this has not been universally deployed.

"I would blame the carriers for not having more robust ways to authenticate users," he added, while also calling on Twitter to offer better safeguards.

A faked tweet from the president or other prominent person could lead to "devastating consequences," such as a plunge in financial markets, Hall said.

"This kind of thing becomes hard to counteract, because even after the information comes out that it's a hoax, people may not believe it," he said.

The Dorsey case, Hall said, highlights the need for better forms of authentication, especially for large online platforms like Facebook and Twitter where messages can have an impact.

This could involve a physical key that plugs into a device or a software-based system such as Google Authenticator, Hall noted.

Eisen said that paradoxically, the push for longer and more complex passwords has led to greater use of insecure text messages for authentication.

"The security practitioners must come to terms with the fact that what used to work doesn't work now," he said.

"We need to look for solutions that are not so easily exploited by bad guys and are easy for people to adopt."

Read More

Apple reportedly tweaked Siri's responses to sensitive subjects like feminism, #MeToo.
Developers who rewrote Apple's voice assistant were advised to offer neutral responses to questions about certain topics, according to the Guardian.

Topical videos:

usr: 3
This is interesting!