Indian PM Modi's Twitter Account Compromised - Again
Tweet Announcing Bitcoins for Citizens Deleted; Account 'Secured'
The Twitter handle of Indian Prime Minister Narendra Modi was "briefly compromised," the Prime Minister's Office announced on Sunday. The Parag Agrawal-led social media platform "immediately secured" the account, the PMO's tweet says.
The Twitter handle of PM @narendramodi was very briefly compromised. The matter was escalated to Twitter and the account has been immediately secured. In the brief period that the account was compromised, any Tweet shared must be ignored.
— PMO India (@PMOIndia) December 11, 2021
PMO's official Twitter handle announcing the account compromise
The tweet claimed that India had "officially adopted bitcoin as legal tender" and would distribute 500 BTC - approximately $23.7 million - to "all residents of the country." The cryptocurrency scam was first reported by CNN-News18's Aditya Raj Kaul.
The tweet from Modi's account has since been deleted.
Twitter and the PMO did not respond to Information Security Media Group's request for comments.
The second hijack of Modi's Twitter account comes on the heels of India gearing up to introduce a bill in Parliament to ban private cryptocurrencies in the country.
The first time around, in September 2020, Indian Express reported that hacker group John Wick had posted a tweet from the PM's Twitter handle. It said: “I appeal to you all to donate generously to PM National Relief Fund for Covid-19, Now India begin with crypto currency. Kindly Donate Bitcoin.”
The hackers also posted a second statement: “Yes this account is hacked by John Wick, we have not hacked Paytm Mall.” The clarification was made amid reports attributing the massive data breach involving the Indian e-commerce platform to John Wick.
Celebrity Cryptocurrency Scams on Twitter
Twitter accounts of high-profile individuals - including Microsoft founder Bill Gates, Tesla founder Elon Musk, U.S. President Joe Biden and former U.S. President Barack Obama - were hijacked in unrelated cryptocurrency-based scams in 2020.
Twitter's investigations at the time revealed that the attackers had targeted Twitter employees through a social engineering scheme to obtain access to the high-profile accounts.
In August 2019, The New York Times revealed that hacker group Chuckling Squad had hijacked former Twitter CEO Jack Dorsey's account. The group had reportedly announced that the company's San Francisco headquarters would be bombed and then posted a string of racist tweets.
The attack was later attributed to a "security oversight" by Dorsey's mobile service provider that made it possible for an unauthorized person to send messages and tweets from his mobile number, according to Twitter Comms.
Twitter's Security Measures
After the 2020 incidents of account compromise, Twitter said it had used internal detection and monitoring tools to alert the platform to unusual behavior or possible unauthorized attempts to access its internal tools.
Twitter also said it had improved its focus on high-profile accounts to safeguard them during the U.S. elections. The identified accounts were reportedly informed of account security measures via in-app notifications from Twitter.
As part of Twitter's enhanced security measures, it said it had deployed more sophisticated detection and alert mechanisms, increased login defense to prevent malicious account takeovers and provided account recovery support.
In addition to practicing better cyber hygiene, including the use of stronger passwords, Twitter said it encouraged users to use two-factor authentication to protect accounts from unauthorized logins. The company also recommended revoking connections to unrecognized or unfamiliar third-party applications.
John Bambenek, threat intelligence adviser at cybersecurity firm Netenrich, says two-factor authentication is extremely important. He tells Information Security Media Group that several account takeovers were possible because the accounts did not have strong 2FA in place. "One of the biggest things a security team should insist on is two-factor authentication, or 2FA, for any access to social media accounts or social media management platforms," he says.
According to Bambenek, it's not just high-profile individuals who need to exercise caution, but their social media teams as well.
"Due to the public nature of social media accounts, social media managers in companies are also highly targeted individuals for those wishing to engage in hacktivism. Those users need to have strong protection and detailed security training to deal with the increased risk they are under from being targeted by cybercriminals," he says.
Is Twitter Liable?
The disclosure of the PM's Twitter account compromise prompted users to debate where the onus of protecting the Prime Minister's social media account lay: with the Prime Minister's Office or with Twitter.
Sir, with respect it's not possible for twitter to mislead on this. Besides if twitter was lying, the office of the Hon'ble PM would have taken them on. Fact is, someone within PMO "compromised" the twitter acct of our PM for the 2nd time. This can have far reaching consequences! https://t.co/Ff64svCV08
— Tehseen Poonawalla Official
One can't always predict or prevent an account compromise or hack, N. S. Nappinai, Supreme Court advocate and policy and investigation adviser to Maharashtra Cyber, tells ISMG.
"How quickly Twitter acted after the incident occurred and removed the falsified tweets is what really counts," she says.
According to Section 43A of the Indian IT Act, a corporate entity is mandated to implement and maintain "reasonable security practices and procedures," and not impenetrable or inviolable security measures, she says.