So, I have said to you that I would keep up to date the best I could with all of the social media Cyber attacks that have been happening. The first one I bring to you is about Twitter. A couple of months ago, their database was hacked into, but apparently there were no passwords that were stolen.
Well today, Twitter has taken some serious action. A total of 770 accounts were purged because of what they call “coordinated manipulation”.
The account suspensions were done in two parts. The first wave got rid of 284 accounts, many of which originated from Iran. The second wave got rid of 486 more accounts. All of these accounts were deleted for the same reason, as just described.
The catalyst for this huge account deletion was a recent report by FireEye, which described a campaign originating out of Iran that focused on “poisoning the minds of people” in the United States and other countries around the world.
This campaign, which has been active since 2017, focused on anti-Israel, anti-Saudi, and pro-Palestine issues. There were also stories protesting Trump pulling away from the Joint Comprehensive Plan of Action nuclear deal.
The publication of this report triggered a huge backlash from some of the largest Internet companies located here in the United States, most notably Facebook and Google.
In response, Facebook removed 652 pages, groups, and accounts suspected of being tied to Russia and Iran. Google also replied in kind, by blocking 39 YouTube channels and disabling six Blogger and 13 Google+ accounts.
Twitter also mentioned that out of all the accounts that have been closed off, only about 100 of them actually originated in the United States.
These accounts were also sharing other forms of ultra-divisive social commentary around the world, and had followers reported in the thousands. Because of this, Twitter has also taken steps to further detect spammed accounts, as well as those accounts that can be used to trigger various forms of Botnets.
Also, they have made the sign-up process for new accounts more difficult, and are using a new Security tool from an organization called Duo Security, which makes it easier to detect these Botnets.
In terms of other social media sites taking action, Instagram has just announced that it will provide users with the ability to check the authenticity of accounts that target and reach large groups of people. This can be accessed through an “About This Account” option in the Profile menu, and will contain the following types of information:
* The date the account joined Instagram;
* The country that the account is located in;
* Accounts that are shared with other followers;
* Any username changes;
* Details on the ads that it is running at the present time.
Also, if a user of Instagram has an account that reaches a large number of people, he or she can request to have the account verified by filling out a form on a mobile app. Doing this will show other users in the global community that the account is real and legitimate, and not just being used for sending spam and potential Botnets.
Any users that wish to go through this process must submit their account username, full legal name, and a copy of their legal or business identification. In turn, Instagram promises to review all applications, but reserves the right to turn down applications if all of the required information is not provided, or if it looks suspicious in any way, shape, or form.
Also, Instagram announced that it will soon support third-party authenticator apps for account verification and authenticity checking.
My thoughts on all of this?
Sure, simply deleting accounts is a short-term remedy, but how about a much more permanent one? This will involve using a Security solution that is multi-layered, such as 3FA, or Three Factor Authentication.
In my view, it seems that 2FA is not working well, so why not add another layer of Security that is much more solid to use (say, than just a password or a PIN Number), such as a Biometric? In this regard, something like either Fingerprint Recognition or Iris Recognition would work great. I will address the technicalities of how all of this could work in a future blog.
But if 3FA is not going to be an option, then the only other route is to have the user of the social media site create a long and complex password. But of course, nobody wants that, so can’t these social media sites offer the use of a Password Manager for both new and existing accounts?
After all, these software packages are not too expensive, and will be a drop in the bucket in the bottom line for these companies versus the expense that it takes to fight off the Cyber attacker and the bad press that comes along with it.