Photo by Bermix studio on Unsplash
- Twitter Hack Report
On the 15th of July 2020, a group of unknown cyber criminals managed to hack into Twitter’s systems and got user access into some of the high-profile and prominent individuals in the world. These are the likes of the 44th President of the United States of America Barrack Obama, Democratic Presidential candidate Joe Biden, Elon Musk, Bill Gates, other celebrities like Kim West and Kanye West, and companies such as Apple and Uber.
According to Twitter, the hackers managed to gain access into Twitter’s internal control systems and secured employee privileges. A total of 130 Twitter accounts were targeted, and out of these, the hackers were able to initiate a password reset, login into 45 accounts and send Tweets. The tweets sent read as follows,” Everyone is asking me to give back and now is the time. I am doubling all payments sent to my BTC address for the next thirty minutes. You send $1,000 I send you back $2,000.” Everyone is still searching for answers for what could be the one of worst attack in Twitter’s history and as the world is coming into terms with what actually happened, it is crucial for us to think how we can better protect ourselves and most importantly our data in this digital age.
- Cybercrime Prevalence in the world
It is a major concern that we increase our knowledge and understanding of cybercrime even as we continue to interact with each other and have business transactions using online platforms. Cybercrime is not new to us. In fact, it is estimated that hackers attack every 39 seconds, on average 2,244 times a day (University of Maryland). Numbers don’t lie. In Kenya, between April and June 2019 alone, the country experienced 26.6 million cyber threats up from 11.25 million (Communications Authority of Kenya). During the pandemic, our reliance on computer systems has been more than ever before. This has exposed both individuals and businesses to be vulnerable in all respects, and is proving to be a boon for cybercriminals.
- How does cybercrime happen in general?
But how exactly is cybercrime orchestrated? In its simplest form, cybercrime is equivalent to robbing or mugging someone. But instead of using a weapon, it is carried out using technology, where a computer is the object of the crime. Once a victim has been targeted, there are various techniques cybercriminals would use to penetrate the security measures, gain unauthorized access and eventually commit crime. These techniques include:
Phishing – This is a form of social engineering, where the attacker poses as a legitimate institution either through email, telephone or text message and willfully deceit and manipulate the victim into providing sensitive data such as PIN numbers, Bank Details, Passwords and the likes.
Social Engineering – This is the art of manipulating people so they give up their confidential information. Personally, I have been a victim of a social engineering attack where the criminals posed to be employees of my mobile operator enquiring details about my mobile money account. I was fortunate enough to quickly recognize the falsehood in their claims and hang up as soon as possible. I later called my mobile operator and confirmed that it was an attempted attack. How or where they got my number is still a mystery but what I learnt is whenever you receive a call from your bank or mobile operator or any other institution (like your hospital) asking for your account information, you should ALWAYS hang up and call them yourself.
Malware Attack – This is where the attacker secretly installs a malware (malicious software) on the victim’s computer device and proceeds to gain unauthorized access. Your computer device or mobile device could be infected with a malware through either a Trojan Horse, a Virus or a Worm. A Trojan horse is usually a program that appears to be one thing (e.g. a game, or a useful application tool) but is really a delivery mechanism for a malware. A virus on the other hand is a software that self-propagates and spreads to other files/programs (or even parts of your hard-drive and/or operating system), whereas a Worm self-propagates and spreads to other computers without the victim’s knowledge.
- How can you protect yourself?
Security is all about knowing who and what to trust. And if you trust your systems, then the first line of defense against cyber attack should be your passwords and other access points to your systems. The stronger the password, the more protected your computer will be from hackers and malicious software. The industry standards recommend that your password should be between 8-16 characters. However, due to the advancement in technologies, an eight-character password would be vulnerable to high-level password cracking software.
According to the number one hacker in the world, Kevin Mitnick, password length should be typically between 20-25 characters. This makes it quite tasking for hackers to think of cracking a 25-character password as opposed to an 8-character password. One should be able to use strong random passphrases for example – ek5iogh#skf&skd. An approach one might use is known as leetspeak, where you replace standard letters with numerals or special characters that resemble the letter in appearance. In as much as this is the best approach, the human mind has trouble remembering random sequences. In that case, it would be plausible to have a password manager, either digital or analogue.
Other than developing strong passwords, one should also be able to employ MFA (Multi-factor Authentication). This is where user access is granted only after successfully presenting two or more pieces of evidence to verify and validate the user access.
I must say, I am no expert in cybercrime and cybersecurity. However, I believe that your privacy, my privacy and our privacy is a fundamental right that should not be left to chance in this digital age. You may think you have nothing to hide, but actually you have everything to protect. One book that will help you go a long way in ensuring that you protect your information is ‘The Art of Invisibility: The World’s Most Famous Hacker teaches you to how to be safe in the age of Big Brother and Big Data ‘ by Kevin Mitnick.