Recently Twitter CEO Jack Dorsey’s Twitter account was taken over by a group of hackers ironically named ‘The Chuckle Squad.’ They tweeted racial slurs and antisemitic messages from Dorsey’s account. Shortly after the incident, the tweets were deleted, his account was cleaned up, and there was no memory of this incident.
It’s good to be the CEO of Twitter, when in the blink of an eye everything is good again.
Even his reputation is untarnished since nobody really believed Dorsey would actually send out such ridiculous tweets. Twitter explained in a statement that their systems were not compromised, and that it was a third party used by Twitter to send out these tweets.
This morning as I was on the way to the Nashville Airport, my Uber driver and I started chatting. He asked me what I did for a living; I told him that I teach individuals and organizations how to prevent cybercrime victimization by improving their own cyber-hygiene. He proceeded to tell me that he recently moved to Nashville to pursue his lifelong passion of becoming a musician. You could tell how excited he was to talk about his love for music and use of social media to promote his band.
I never want to be the Debbie Downer of a conversation, but I used this as an opportunity to educate him about social media cybersecurity.
As well as The Chuckle Squad.
He said he was only a small-time musician and nobody would ever target him or his social media platforms. If you have read my book or attended any of my conferences, you know this got my heart racing. This is one of the main commonalities that all my prior victims had. They would innocently claim:
“I’m too small to be a victim and don’t have anything the bad guys would want to get access to.”
He explained his 1000 followers were loyal to him, and that he was using ‘safe marketing tools’ to increase his fanbase.
During my career with the FBI, I responded to hundreds of social media account takeovers, so I knew it would be easy for me to change his behavior. I asked him to imagine a hacker getting access to his username and password, then asked him what would happen next. He told me the cybercriminal would gain access to his account, but he didn’t know if they could get access to his password. They could, via the two main attack vectors: a keystroke logger, which is a form of malware designed to steal passwords, or password reuse, which happens when the bad guys steal passwords in breaches such as Yahoo, LinkedIn, Marriott, etc. and try them on other accounts. Now you know from previous posts that 60% of the population uses the same password for multiple accounts.
I asked him if he was one of these people, to which he turned around and nodded his head in embarrassment.
I also wondered if he had ever heard of two-factor or multi-factor authentication. He had, but did not have it turned on for his social media. So I walked him through a made-up scenario: One day Mr. Hacker gains access to his Instagram account and creates a message to all of his followers that says, “Hey y’all! I’m very excited to say that I’ve finally created my musical masterpiece, and I just want to share it with you and get your thoughts. Just click on the link, let me know what you think, and enjoy!” But instead of his followers listening to the demo, once they clicked on the link they would be infected with either ransomware or a keystroke logger.
I think he started to see where I was going with this.
The last thing I asked him to do was picture what his career would look like then, considering he was planning to put all of his hard-earned cash into social media marketing. He had a look of pure terror. I lightened the mood by telling him he had nothing to worry about, because I would show him how to prevent it from happening.
I feel this is everyone’s stance on cybersecurity. On the corporate side, I’ve seen this type of attack play out numerous times.
Whether you are an individual using social media for personal use, a small business, or a large corporation, you MUST understand that none of this matters to criminals.
No matter what department you work in, please ask yourself these questions, and bring them up to others in your workspace.
- Is your company using social media to promote the corporate brand?
- Do you know how to initiate 2FA on your accounts? Who is the go-to person or department if you feel your account has been compromised?
- Does your company have policies that are enforced to make sure strong passwords and 2FA are being used to keep the account safe?
Most companies do not have the pull that Jack Dorsey has to make this problem go away.
This was probably the most satisfying Uber drive ever. That being said, it goes to show that everyone in today’s world needs a lesson in cybersecurity. All social media platforms have 2FA. It’s easy and free to use. Never use the same password for your social media as any other account. And remember: nobody ever expects to be a victim. Stay vigilant and cyber-safe!