Hackers caught cloning activist Twitter accounts to spread fake news
It's a chilling new attack method, which causes confusion and leaves victims completely helpless
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Hackers are using a cunning new attack method to neutralise activists’ Twitter accounts.
It involves the hacker taking over an account, cloning it and completely changing the original.
What’s more, thanks to their knowledge of how Twitter’s account recovery and recycling processes work, the hackers are managing to lock the victims out of their accounts and keep them out.
The attack has been dubbed the ‘Doubleswitch’, and it was first reported by digital rights group Access Now.
It says hackers have targeted the accounts of journalists, activists and human rights defenders in Venezuela, Bahrain and Myanmar, some of which were verified and “had a large following”.
After hacking them, Access Now says the attackers “updated the account information by changing the password and the associated email address, locking out the legitimate user.”
They then changed the accounts’ usernames and, crucially, took advantage of an option that enables Twitter to recycle unwanted usernames.
“After changing the credentials of the accounts, the hijackers registered Twitter accounts using the original usernames, which were now freely available, and connected the accounts to a new email address,” says the group.
“When these victims attempted to recover their accounts, Twitter’s confirmation emails went to the hijackers, who pretended that the issue had been resolved. The hijackers then proceeded to delete one of the original accounts, making it even harder for the victim to recover it.”
Journalist Milagros Socorro and Miguel Pizarro, a member of Venezuela’s parliament, were both hacked using this method.
With help from Twitter, their accounts were eventually recovered, but not before the hackers had started spreading fake news through them and deleting past tweets, confusing followers and damaging their reputations in the process.
Access Now says Doubleswitch attacks can also be carried out on Facebook and Instagram, but says users can protect themselves by enabling multi-factor authentication.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments