RISING RISKS Hackers exploit Covid-19 to attack people, companies, and governments By Julian Ryall
It may not have been very sophisticated, and the three young perpetrators were quickly identified and arrested, but the hacking of 45 Twitter accounts belonging to politicians, celebrities and technology moguls on July 15 has left security expert John Kirch “shaken.” One week later, Naver, South Korea’s largest internet portal, confirmed that it was moving its overseas backup data center from Hong Kong to Singapore, due to concerns that Chinese authorities could use the far-reaching new legislation to access user information. Kirch, a senior executive at technology security developer Uppsala Security, told The ACCJ Journal that if two teenagers and a 22-year-old can defeat the safety protocols of one of the world’s largest and most influential social media platforms, then something is amiss. “It looks as if the damage was limited, and they were able to quickly find the hackers, but the implications of what might have happened are staggering,” he said. According to media reports, two hackers from Florida and a teenager from Great Britain used spear-phishing techniques to convince Twitter employees to provide sensitive information, such as passwords, that enabled them to access the personal accounts of Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos, Kanye West, and others. The hackers sent tweets from the compromised accounts stating that anyone who transferred cryptocurrency to a specific Bitcoin wallet would receive double in return. Authorities believe the three men had obtained about $110,000 before they were traced and arrested.
18
THE ACCJ JOURNAL
n
SEPTEMBER 2020
RED FLAG “Twitter got very lucky,” said Kirch. “What would have happened if it had not been a couple of kids looking to make a quick buck, but was something far more dangerous? This could have been someone from abroad who got access to Joe Biden’s account, stayed dormant for weeks or months, observing and collecting information, and then acted just before the US election. The damage to the United States, and globally, could have been tremendous,” he said. “Unfortunately, Twitter has something of a history of being hacked, it happened in August 2019, when the account of their chief executive officer, Jack Dorsey, was hacked. And, before that, in 2010, then-President elect Obama was hit,” he added. And if it can happen to a high-profile, media-savvy organi zation that should have all the security safeguards in place, Kirch cautions, it can happen to any company. GROWING DANGER According to industry statistics, global security breaches have increased by 11 percent since 2018, and an even more alarming 67 percent since 2014. Hackers attack every 39 seconds, for an average of 2,244 incidents each day. Their weapons include malware, denial-of-service attacks, phishing, malicious code, ransomware, and botnets.
JOHN KIRCH Senior executive Uppsala Security