Doubleswitch attack to hijack documented social networking accounts




Access Now discovered a new intelligent attack called Doubleswitch , which targets influential social media users as a means of spreading false news. The Doubleswitch attack hijack verified accounts and make it difficult for the legitimate owner of the account to recover and use it.

Activists and journalists were targeted in Venezuela, Bahrain, Myanmar and elsewhere. The attack was aimed at spreading false information and silencing the target. The attackers also deleted old entries they did not want to be included in the victim’s account.

The idea of ​​the Doubleswitch attack is very simple, as the attacker controls the victim’s account on previously verified social media through the usual methods of e-mail phishing, and the attacker later changes the e-mail and password of the victim’s target account.

The attacker chooses victims from famous or influential people in many areas such as journalism, media and human rights. For example, the attacker starts with the account of the victim, who has a large number of followers on the Twitter microblogging platform and changes the account name to the name of another famous person It is slightly different from its official account.

The move allows the attacker to have a trusted and closer social contact account with many followers, with the original account holder logged out of his account and prevented from recovering the account by changing the email address of another attacker, confirming to Twitter that everything is fine.

In the next step, the attacker creates a new unauthenticated account of the victim so that they can post the malicious news through all the documented and undocumented accounts and Twitter followers re-twitter. The Twitter platform has a form to report issues and problems that are reviewed by the human element, Slow process.

The problem is not limited to the Twitter microblogging platform, but it is spread across all social platforms that provide account verification. The best defense against it is using 2-step verification from the account.


In: A Technology & Gadgets Asked By: [22628 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »