Another Twitter Hack: This Time, India's Modi TargetedAccount Associated With Prime Minister Hacked for Apparent Fraud Scam
Twitter is investigating the hacking of an account associated with Indian Prime Minister Narendra Modi for an apparent cryptocurrency scam, according to the BBC and other news media reports.
A series of fraudulent tweets sent from the verified account for about an hour on Thursday asked followers to send cryptocurrency donations to an organization called the "PM National Relief Fund" and included a digital wallet address, according to the BBC. After officials were alerted, the messages were taken down.
The account, @narendramodi_in, has about 2.5 million followers and is associated with Modi's personal website, according to the BBC and other media reports. The prime minister's official government accounts were not affected by the hack, the reports note.
A Twitter spokesperson tells the BBC: "We are actively investigating the situation. At this time, we are not aware of additional accounts being impacted."
A spokesperson for Modi's office did not immediately respond to a request for comment.
Thursday's incident appears to be similar to a July cryptocurrency scam that affected about 130 Twitter accounts in the U.S and Europe, including those associated with U.S. Democratic presidential nominee Joe Biden, Tesla CEO Elon Musk and Microsoft founder Bill Gates (see: Several Prominent Twitter Accounts Hijacked in Cryptocurrency Scam).
After the July incident, Twitter launched an investigation into its security. U.S. law enforcement officials charged three people with hijacking the accounts and waging a fraud campaign that scammed individuals out of approximately $120,000 (see: 3 Charged in Twitter Hack).
Twitter found that several of its employees were victimized by a phone-based spear-phishing attack that provided the hackers with credentials for the social media firm's internal systems and tools (see: Twitter Hack: Suspects Left Easy Trail for Investigators).
From there, the suspects allegedly used stolen credentials to take over 130 accounts, and then they tweeted from 45 of them, according to Twitter's investigation. The tweets falsely said the owners of the accounts would send double the number of bitcoins back to accounts that sent in cryptocurrency. The hackers also accessed the direct message inboxes of 36 accounts and downloaded the Twitter data from seven of those accounts.
The investigation into the hijacking of the 130 accounts continues. On Tuesday, the New York Times reported that the FBI executed a search warrant at the home of an unnamed 16-year-old Massachusetts resident who also may have been involved.
On Wednesday, U.S. Rep. James Comer, R-Ky., the ranking member of the House Oversite and Reform Committee, sent a letter to Twitter CEO Jack Dorsey raising concerns about the hijacking of the accounts and another case involving former employees accessing sensitive user data, according to The Hill.
"It has become increasingly clear that Twitter does not take security and oversight of its security practices seriously," Comer wrote.
Ray Kelly, principal security engineer at WhiteHat Security, says Twitter and its users are being targeted by hackers using increasingly sophisticated social engineering techniques.
"Humans are often times the weakest link in any organization’s security chain," Kelly says. "Proper training and employing services that test human exposure to social engineering attacks can be vital to help prevent an individual from becoming a security gap in any organization."
Hank Schless, senior manager for security solutions at Lookout, notes that because the July Twitter attack started with a voice phishing scam, or vishing, organizations need to be more aware of how fraudsters and scammers are using mobile devices to conduct various schemes.
"It's critical to train your employees on how to spot mobile phishing attempts," Schless says. "Your employees are the first line of defense against a phishing-related breach. Most people understand how to spot phishing attempts sent to a computer via email, but that all goes out the window on mobile devices."