Hackers then use the hijacked verified accounts, renamed to impersonate another influential figure, to feed fake news to the millions of followers of the original accounts.
While it's unclear how the hackers managed to hijack the verified users in the first place, it is believed that the attack begins with malware or phishing.
How DoubleSwitch Attack Works (Illustrated Example)

To illustrate how effective the DoubleSwitch technique is, we have prepared an example below:
Let's say a hacker somehow managed to hijack The Hacker News’ Twitter account (@thehackersnews), which is verified and has 368,000 followers, most of whom are influencers in the Infosec community.
And then the "DoubleSwitch" begins.
The First Switch: Once the account is hacked, the hacker first changes the password and associated email ID, along with the username, to, let's say, @tim__cook, spoofing Apple's CEO, who is on Twitter as @tim_cook (single underscore).
Now the hacker holds a verified account in the name of Apple CEO Tim Cook and can feed misinformation to nearly 370,000 influential followers from the tech industry, and many of them will believe it without realising that the account is hijacked and the tweets from it are fake.
The Second Switch: The hacker creates a new Twitter account with the original username @thehackersnews, which will be available, as once a Twitter account is deactivated, the handle for that account is freed for others to use.
But note that this new Twitter account registered with our Twitter handle (@thehackersnews) will not be verified and will have zero followers.
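A defender-side check for the two switches described above, as an added example that is not part of the original article: it compares two snapshots of accounts keyed by an immutable account ID and flags a handle change followed by re-registration of the old handle under a different ID. The snapshot format, the IDs and the function names are assumptions made for illustration.

```python
# Added example: detect the two "switches" from account snapshots.
# All IDs, handles and counts below are constructed sample data.
import re

def normalize(handle):
    """Collapse repeated underscores and case so lookalikes compare equal."""
    return re.sub(r"_+", "_", handle.lower().lstrip("@"))

def detect_double_switch(before, after, protected_handles=()):
    """before/after: dicts mapping immutable account id -> record with
    'handle', 'verified', 'followers'. Returns a list of findings."""
    findings = []
    handle_owner_after = {rec["handle"].lower(): uid for uid, rec in after.items()}
    protected = {normalize(h): h for h in protected_handles}
    for uid, old in before.items():
        new = after.get(uid)
        if new is None or new["handle"].lower() == old["handle"].lower():
            continue
        # First switch: same account id (followers, badge) under a new handle.
        finding = {"account_id": uid, "old_handle": old["handle"],
                   "new_handle": new["handle"], "first_switch": True,
                   "second_switch": False, "impersonates": None}
        # Second switch: the freed handle is now held by a different account id.
        squatter = handle_owner_after.get(old["handle"].lower())
        if squatter is not None and squatter != uid:
            finding["second_switch"] = True
            finding["squatter_id"] = squatter
        # Lookalike check: new handle differs from a protected one only by
        # repeated underscores or case (e.g. tim__cook vs tim_cook).
        target = protected.get(normalize(new["handle"]))
        if target and target.lower() != new["handle"].lower():
            finding["impersonates"] = target
        findings.append(finding)
    return findings

# Constructed snapshots keyed by a hypothetical immutable account id.
BEFORE = {1001: {"handle": "thehackersnews", "verified": True, "followers": 368000}}
AFTER = {
    1001: {"handle": "tim__cook", "verified": True, "followers": 368000},
    2002: {"handle": "thehackersnews", "verified": False, "followers": 0},
}

if __name__ == "__main__":
    for f in detect_double_switch(BEFORE, AFTER, protected_handles=["tim_cook"]):
        print(f)
```

Keying the comparison on the account ID rather than the handle is what lets the check tell the renamed original from the unverified account now sitting on the old handle.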
Locking the Legitimate Account Owner Out of its Account

In order to get our account back, if we use the password reset option, Twitter will send the confirmation email only to the attacker's email ID that he used to register the new account.
So any attempt by the victim to regain access to its account fails, as the attacker can simply notify Twitter that the issue has been resolved, locking out the legitimate account holder.
Fortunately, Twitter also offers an alternative way, an online form, to report account hacking incidents directly to the Twitter team, which then reviews and investigates the issue accordingly to help victims recover their accounts.
Using this method, Access Now helped the journalists regain access to their accounts, but by the time they regained access, some of the original account holder’s tweets were deleted, and the accounts were used to spread the fake news about events in Venezuela, confusing followers and damaging their reputations in the process.
Access Now says the attack can be conducted over Facebook and Instagram as well, but users can protect themselves by enabling the two-factor authentication feature offered by the services.
Two-factor authentication uses two different methods in an attempt to verify a user's identity — a password and a one-time passcode (OTP) sent to the user's mobile phone — which makes it much harder for hackers to compromise an account in the first place.
However, two-factor verification is not an actual solution for the journalists, activists and human rights defenders in countries like Venezuela, as they do not associate their personally identifiable information, like phone numbers, with their online accounts for fear of getting spied on.
News provided by GREENDUMPS24.COM