Twitter Inc. blamed Chief Executive Officer Jack Dorsey\u2019s mobile phone carrier for a hack of his Twitter account that sent out a stream of offensive tweets on Friday.<\/p>\n
\u201cThe phone number associated with the account was compromised due to a security oversight by the mobile provider,\u201d Twitter said in a comment posted by spokesman Brandon Borrman late Friday.<\/p>\n
Borrman clarified Saturday that the company isn\u2019t identifying the carrier, and so far none of the four major U.S. mobile providers has admitted responsibility.<\/p>\n
The security incident \u201callowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved,\u201d according to the Friday statement.<\/p>\n
The clarification appears to support speculation that Dorsey was the victim of SIM swapping. That\u2019s when someone convinces a mobile carrier to switch an existing number to a new SIM card they control. In this case, it may have required the hackers to have personal details that would allow them to convincingly impersonate one of Silicon Valley\u2019s best-known figures.<\/p>\n
More than 15 tweets, many containing obscenities and racist comments, were posted on Dorsey\u2019s account, @jack, shortly before 4 p.m. New York time on Friday. The company started deleting the tweets from Dorsey\u2019s verified Twitter account, which has more than 4 million followers, about 20 minutes after the messages went viral.<\/p>\n
A person familiar with Sprint\u2019s operations said the company checked late Friday and there was no record of an account associated with Dorsey. A spokeswoman for T-Mobile, Tara Darrow, said that \u201cfor privacy and security reasons, we would never discuss an individual\u2019s circumstances or if they are a customer.\u201d Verizon Communications Inc. and AT&T Inc. didn\u2019t respond to queries from Bloomberg News on Saturday asking if they were Dorsey\u2019s provider.<\/p>\n
The attack may not have required any in-person communication on the part of the fraudster. A group calling itself the Chuckling Squad claimed credit for the hack.<\/p>\n
\u201cYou can call in and say, \u2018I bought a new phone and I need a new SIM card assigned to this number,\u2019\u201d said Lawrence Pingree, a research vice president at the IT research company Gartner Inc. If the caller provides the correct information, they might succeed, and the problem is made worse because call centers handle a high volume of calls, he said.<\/p>\n
Some of the tweets sent from Dorsey\u2019s account used anti-black slurs, praised Adolf Hitler and talked about a bomb at Twitter\u2019s headquarters. Many of them referenced the Chuckling Squad, which also took credit for the hack of several YouTube and Instagram celebrities this month, including James Charles, Shane Dawson, King Bach and Amanda Cerny.<\/p>\n
Borrman said he \u201cdidn\u2019t have anything to share on that right now\u201d when asked whether the FBI or local law enforcement was investigating Dorsey\u2019s hack.<\/p>\n
Sgt. Samy Tarazi, of the Santa Clara County Sheriff\u2019s Office, whose agency is part of a five-county cyber task force in the Bay area that\u2019s been focused on SIM swapping for the last 18 months, said swapping represents a massive flaw in mobile security because the phone\u2019s user loses all control of their device; the decision to change out the SIM is left to the mobile carrier. Some victims have been hit multiple times.<\/p>\n
Tarazi said in some cases employees of a mobile carrier are paid to swap the cards by the hackers, but in others, the perpetrators are just clever at impersonating the victim. Tarazi said he\u2019s seen the fraud performed successfully by hackers as young as 13 years old.<\/p>\n
While the attack on Dorsey\u2019s account didn\u2019t appear to be financially motivated, SIM swapping can be lucrative when used to steal cryptocurrency that\u2019s secured through data or applications linked to a victim\u2019s mobile phone.<\/p>\n
Prosecuting SIM swaps is challenging because it\u2019s often difficult to explain the process to a judge or jury that isn\u2019t tech savvy, Tarazi said. In addition, \u201cit\u2019s really trying to explain the seriousness of a 16-year-old working from his bedroom in his parent\u2019s house stealing millions of dollars. It\u2019s hard to wrap your head around.\u201d<\/p>\n
After Dorsey\u2019s hack, other Twitter users expressed concern that an even more prominent and prolific user — President Donald Trump — could be just as easily hacked, compromising global political relations. Trump, who regularly uses the service to announce policy decisions, expressed little concern about that scenario.<\/p>\n
\u201cWell, I hope they\u2019re not hacking my account, but actually if they do, they\u2019re not going to learn too much more than what I put out, right?\u201d Trump told reporters Friday evening as he left the White House. \u201cShouldn\u2019t be too bad.\u201d<\/p>\n
Twitter declined to comment on the security measures Dorsey uses. His account was hacked in 2016 through a connection to his Vine account, so he probably uses more security around the account than most users.<\/p>\n
Twitter lets users post tweets by text, and it\u2019s likely the method that was used to post the offensive remarks, which wouldn\u2019t require having Dorsey\u2019s password or directly hacking Twitter\u2019s systems.<\/p>\n
The tweets were sent via a service called Cloudhopper that allows tweeting via SMS. Twitter acquired Cloudhopper in 2010.<\/p>\n
Twitter blamed Chief Executive Officer Jack Dorsey\u2019s mobile phone carrier for a hack of his Twitter account that sent out a stream of offensive tweets on Friday.<\/p>\n","protected":false},"author":341034,"featured_media":260425,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[7407,405],"class_list":["post-318359","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-internet","tag-jack-dorsey","tag-twitter"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/318359"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341034"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=318359"}],"version-history":[{"count":0,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/318359\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/260425"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=318359"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=318359"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=318359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}