Twitter CEO Hacked. PHOTO: Cybercrime Magazine.

Hack On @Jack: Twitter CEO Is The Victim Of A SIM Swapping Attack

Jack Dorsey had his own account hacked yesterday by the Chuckling Squad

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Aug. 31, 2019

Jack Dorsey, one of the world’s richest ex-hackers, temporarily lost control of his personal Twitter account, @Jack, which has 4.2 million followers.

A source at Twitter confirmed to the BBC that the cybercriminals — a group known as the Chuckling Squad — carried out a SIM swapping attack in order to gain access to Dorsey’s account yesterday.

Once inside, the cyber intruders tweeted out a series of offensive messages from @Jack and other accounts. The incident has since been resolved.

Dorsey is no stranger to hacking. He once hacked his way into a job with a large dispatch company in New York.

In a 2013 interview with CBS’ Lara Logan, Dorsey recounted how he couldn’t find any contact information on the website (of his prospective employer). “I found a way into the website, I found a hole, a security hole.” When asked if that’s the same thing as hacking, he replied “yes”, while laughing. But, he added, “hacking is not a crime, criminal hacking is a crime.” Dorsey emailed the dispatch company informing of the security hole, and they hired him.

Now the Twitter CEO finds himself on the receiving end of a much more dangerous cyberattack. SIM swapping attacks have been used not only to break into social media accounts, but also to steal tens-of-millions of dollars worth of cryptocurrency, according to the Cisco/Cybersecurity Ventures 2019 Cybersecurity Almanac.

Another victim of a SIM swapping attack, Rob Ross, a former Apple engineer, watched $1 million disappear from his cryptocurrency account last year — almost his entire life savings — in about 20 minutes.

TechTarget describes a SIM swap attack, also known as a SIM intercept attack, as a form of identity theft in which an attacker convinces a cell phone carrier to switch a victim’s phone number to a new device in order to gain access to bank accounts, credit card numbers and other sensitive information.

The hack on @Jack, and Ross, should be alerts that none of us are immune from SIM swapping attacks, no matter how technically astute we are.

A recent article from LifeHacker offers in-depth advice on how to prevent and respond to a SIM swap scam. Our editors are reading it now, and you should too.

You may also want to head over to Ross’ site, which is fighting back against AT&T, Verizon, and other carriers he claims are giving control of our numbers to hackers who can then drain our bank accounts in minutes.

Don’t let the scammers get a good chuckle on your account.

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.