31 Aug Hack On @Jack: Twitter CEO Is The Victim Of A SIM Swapping Attack
Jack Dorsey had his own account hacked yesterday by the Chuckling Squad
–Steve Morgan, Editor-in-Chief
Sausalito, Calif. – Aug. 31, 2019
Jack Dorsey, one of the world’s richest ex-hackers, temporarily lost control of his personal Twitter account, @Jack, which has 4.2 million followers.
A source at Twitter confirmed to the BBC that the cybercriminals — a group known as the Chuckling Squad — carried out a SIM swapping attack in order to gain access to Dorsey’s account yesterday.
Once inside, the cyber intruders tweeted out a series of offensive messages from @Jack and other accounts. The incident has since been resolved.
Dorsey is no stranger to hacking. He once hacked his way into a job with a large dispatch company in New York.
In a 2013 interview with CBS’ Lara Logan, Dorsey recounted how he couldn’t find any contact information on the website (of his prospective employer). “I found a way into the website, I found a hole, a security hole.” When asked if that’s the same thing as hacking, he replied “yes”, while laughing. But, he added, “hacking is not a crime, criminal hacking is a crime.” Dorsey emailed the dispatch company informing of the security hole, and they hired him.
Now the Twitter CEO finds himself on the receiving end of a much more dangerous cyberattack. SIM swapping attacks have been used not only to break into social media accounts, but also to steal tens-of-millions of dollars worth of cryptocurrency, according to the Cisco/Cybersecurity Ventures 2019 Cybersecurity Almanac.
Another victim of a SIM swapping attack, Rob Ross, a former Apple engineer, watched $1 million disappear from his cryptocurrency account last year — almost his entire life savings — in about 20 minutes.
TechTarget describes a SIM swap attack, also known as a SIM intercept attack, as a form of identity theft in which an attacker convinces a cell phone carrier to switch a victim’s phone number to a new device in order to gain access to bank accounts, credit card numbers and other sensitive information.
The hack on @Jack, and Ross, should be alerts that none of us are immune from SIM swapping attacks, no matter how technically astute we are.
A recent article from LifeHacker offers in-depth advice on how to prevent and respond to a SIM swap scam. Our editors are reading it now, and you should too.
You may also want to head over to Ross’ StopSIMCrime.org site, which is fighting back against AT&T, Verizon, and other carriers he claims are giving control of our numbers to hackers who can then drain our bank accounts in minutes.
Don’t let the scammers get a good chuckle on your account.
– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.
Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.