An online hacking security agency has “hijacked” multiple Twitter accounts in an effort to make a point regarding online security issues.
On Thursday, the message: “This account has been temporarily hijacked by Insignia Security,” appeared on the Twitter accounts of a “number of celebrities” including Eamonn Holmes and Louis Theroux. The tweet also appeared on the Twitter feed of The Independent’s travel correspondent Simon Calder.
According to a post on Medium by Insignia Security, it was done to make people aware of the risk of linking a mobile number to their Twitter accounts.
Mike Godfrey, the CEO of Insignia Security, confirmed to The Independent the reason behind the hacking, explaining: “Insignia have warned for years that using text messaging for authentication, interaction or security is totally unacceptable and leaves people vulnerable to attack.
“This issue was highlighted to Twitter in 2007, again in 2009, again in 2011 and almost every year since. Quite simply; Twitter doesn’t listen. The campaign today was to highlight these vulnerabilities, how serious they can be and how someone with a relatively low skill set and a range of tools can control social media that people use to control their brands, career, image and much more. People have a right to know the truth about the state of insecurity that huge companies like Twitter leave innocent users in.”
Hijacking the accounts was a piece of cake, according to Godfrey: “In this case, it was a simple task of ‘spoofing’ the Twitter user’s MSISDN (mobile phone number) and sending texts that appeared to be from their phone to Twitter, which will automatically accept commands provided it believes that the text has come from the user’s phone number, which it did,” he told us.
Godfrey kept his lips sealed about “how these numbers were obtained,” but he did say the entire attack “took less than 10 minutes to carry out and complete.”
On Medium, the extent of the hijacking was further explained, along with the dangers this lack of security poses.
“We used this method to successfully control the target’s Twitter account, allowing us to send DMs, retweet and like tweets, follow and unfollow people and much more,” the post reads.
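The trust flaw Godfrey describes, a service that runs account commands because a text claims to come from the linked number, is modelled below next to a hardened handler. This is an added example, not code from Insignia Security or Twitter; the phone number, account name, command verbs and the confirm-in-an-authenticated-session mitigation are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: the number, account and command verbs are made up.
LINKED_NUMBERS = {"+15550100": "alice"}
STATE_CHANGING = {"TWEET", "DM", "FOLLOW", "UNFOLLOW", "RETWEET", "LIKE"}

@dataclass
class InboundSms:
    sender: str  # MSISDN claimed by the message; the service cannot verify it
    body: str

def parse_verb(body: str) -> str:
    parts = body.strip().split(maxsplit=1)
    return parts[0].upper() if parts else ""

def handle_trusting_sender(sms: InboundSms) -> tuple:
    """Weak pattern: the claimed sender number is the only credential."""
    account = LINKED_NUMBERS.get(sms.sender)
    verb = parse_verb(sms.body)
    if account is None or verb not in STATE_CHANGING:
        return ("rejected", None, verb)
    return ("executed", account, verb)

@dataclass
class HardenedGateway:
    """Assumed mitigation: SMS may only propose a command; a logged-in
    session must approve it before anything touches the account."""
    pending: dict = field(default_factory=dict)

    def handle(self, sms: InboundSms) -> tuple:
        account = LINKED_NUMBERS.get(sms.sender)
        verb = parse_verb(sms.body)
        if account is None or verb not in STATE_CHANGING:
            return ("rejected", None, verb)
        self.pending.setdefault(account, []).append(sms.body)
        return ("pending", account, verb)

    def confirm(self, account: str, session_authenticated: bool) -> list:
        # Queued commands are released only to an authenticated session.
        if not session_authenticated:
            return []
        return self.pending.pop(account, [])

if __name__ == "__main__":
    # Constructed message whose sender field matches the linked number.
    sms = InboundSms(sender="+15550100", body="tweet constructed test message")
    print(handle_trusting_sender(sms))  # runs on the sender field alone
    gw = HardenedGateway()
    print(gw.handle(sms), gw.confirm("alice", session_authenticated=False))
```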