Threat Management, Vulnerability Management

‘Doubleswitch’ targeting activists via social media, Access Now report

In a new campaign, attackers are locking out activists from their social media accounts.

The scourge is intended to silence journalists, activists and human rights defenders by hijacking accounts and making it tough – and sometimes impossible – for the legitimate users to recover them.

As detailed by Access Now, a digital rights company, hijackers gain access to victims' Twitter accounts (in an unknown manner) and update the account information by altering the password and the associated email address, locking out the legitimate user. The attacker can then change credentials, connect accounts to a new email address and thereby assume the identity of the original user.

When the legitimate users attempt to recover their accounts, confirmation emails from Twitter are rerouted to the hijackers.

Users who have not enabled an app-based form of multifactor authentication for their accounts are especially vulnerable, the report stated, as this more easily enables the miscreants behind this campaign to phish for passwords.

"This new form of attack exposes some unforeseen gaps in Twitter's policies and account features," the report determined.

Enable multifactor authentication, Access Now recommended. The company also advised social media platforms to update features and rules to mitigate the Doubleswitch attack. These popular platforms should also implement alternative ways to authenticate users, such as through app-based authenticators, which do not require a phone number to implement, the company said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.