Indian Prime Minister Narendra Modi’s Twitter Account Gets Hacked(bloombergquint.com)
bloombergquint.com
Indian Prime Minister Narendra Modi’s Twitter Account Gets Hacked
https://www.bloombergquint.com/technology/indian-prime-minister-narendra-modis-twitter-account-gets-hacked
81 comments
I am pretty sure it was social engineering. One can't seriously think only Modi logs into his twitter. I mean look at his instagram page; the guy is self obsessed and has team of midwits working in his IT cell.
Can you explain what insta and twitter is for, if not self promotion?
> self obsessed
You mean like the rest of the people on Instagram?
Even if it's not Instagram, that is what most politicians do to stay in power (advertising things done by them and hiding the things detrimental to them)
You mean like the rest of the people on Instagram?
Even if it's not Instagram, that is what most politicians do to stay in power (advertising things done by them and hiding the things detrimental to them)
Quite a bit more than that. He's got his photo on covid certificates, among others.
This feels vague and whataboutism-ish. He's known to be particularly that way inclined.
self obsession - Modi posted an obituary the other day with 4 pictures of himself attending the funeral.
I just wonder if the hacker tweeted "Effective immediately all 2000 rs notes are demonitized. Official announcement at 9pm."
Would have crashed the whole bloody stock market.
Would have crashed the whole bloody stock market.
And this is what kind of indicates it was not state sponsored.
Won’t be really surprised if an IT Cell team lead unwittingly handed over control of the account to an enterprising cousin for a while :D
Won’t be really surprised if an IT Cell team lead unwittingly handed over control of the account to an enterprising cousin for a while :D
I can think of a few other things which would have a bigger impact.
"Suck it Pakistan, missiles launched"
"Britain did nothing wrong"
"After 3000 years of struggle we've finally invented the toilet"
"Suck it Pakistan, missiles launched"
"Britain did nothing wrong"
"After 3000 years of struggle we've finally invented the toilet"
Looks like the hacker was like a dog chasing cars. Didn't know what to do with the account once they hacked it.
Maybe they invested a lot of personal money in BTC, tweeted, and hoped for a large short-term gain from the increased value of BTC?
Then they would have just posted a credible sounding message instead of an obviously shady looking link.
Saying, “My advisory team studied safest crypto currencies. We are considering making Bitcoin as official digital currency of India”, would have worked better.
Or “From X:Ypm we are making Bitcoin India’s only and official currency”. Given his track record I might have beloved it.
I think it was what happened - chasing dog getting the car.
Saying, “My advisory team studied safest crypto currencies. We are considering making Bitcoin as official digital currency of India”, would have worked better.
Or “From X:Ypm we are making Bitcoin India’s only and official currency”. Given his track record I might have beloved it.
I think it was what happened - chasing dog getting the car.
Don't expect the crypto fanatics of Twitter hacks to exercise discretion. Remember the 2020 doubling scam [1]? Hundreds of high profile accounts hijacked and the best they could do is the most ancient trick in the book.
I have to wonder what the combined effect of all these scams is on the BTC price. It can't be good for public opinion for Bitcoin to be "that thing that hackers and scam artists keep promoting on twitter".
1. https://en.wikipedia.org/wiki/2020_Twitter_account_hijacking
I have to wonder what the combined effect of all these scams is on the BTC price. It can't be good for public opinion for Bitcoin to be "that thing that hackers and scam artists keep promoting on twitter".
1. https://en.wikipedia.org/wiki/2020_Twitter_account_hijacking
Twitter should have 2FA enabled by default. Most national governments, agencies and leaders are on twitter. Passwords are inherently insecure and things can get ugly real fast.
Passwords (when you use a password manager) are as secure as your computer.
If your computer is compromised, you are out of luck anyhow. As the attacker then can just use your logged in browser or app to post whatever they like.
If your computer is compromised, you are out of luck anyhow. As the attacker then can just use your logged in browser or app to post whatever they like.
Passwords are at most as secure as your computer.
There are many ways to compromise passwords other than achieving access to the user's computer, such as phishing and password reuse. Use of a password manager mitigate these attacks a bit, but not completely.
There are many ways to compromise passwords other than achieving access to the user's computer, such as phishing and password reuse. Use of a password manager mitigate these attacks a bit, but not completely.
So now instead of social engineering the government intern all they have to do is social engineer the phone company. It’s called sim swapping. 2FA is bullshit and doesn’t work in practice.
> 2FA is bullshit and doesn’t work in practice.
You made an argument against SMS/phone-based 2FA, but didn’t address any other 2FA method such as U2F. I don’t see how your claim follows.
You made an argument against SMS/phone-based 2FA, but didn’t address any other 2FA method such as U2F. I don’t see how your claim follows.
I only say 2FA because every instance of being offered the choice to use 2FA in my experience was phone based. It’s by far the most common 2FA scheme — its very widely asserted that phone based 2FA is secure and it enrages me because it really isn’t.
But something like u2f as far as I can tell isn’t any better than memorizing a strong pass-phrase. It’s basically just moving the password manager to a computer that’s not connected to the internet. I guess it’s easier than memorizing.
But something like u2f as far as I can tell isn’t any better than memorizing a strong pass-phrase. It’s basically just moving the password manager to a computer that’s not connected to the internet. I guess it’s easier than memorizing.
It adds one more layer of security and makes stuff like this much more difficult. Now the attacker has to both, figure out his password and hack his phone. How is this bullshit?
Because the way it’s implemented in 99% of cases is password reset uses your phone for validation. But that’s not true 2FA.
It’s a widespread lack of courage which I think afflicts many areas of the western world right now. Instead of making things right, everyone just says well if you lose your password then it’s ok, just do x y and z and you can reset your password. Never mind the fact that this completely ruins the whole point of passwords and 2FA. People aren’t brave enough to just confront the plain fact that in order to have security, you have to let your customers deal with the bitter consequences of losing their passwords. Instead of rightly putting the burden of managing passwords on the consumer, we treat them like children at the expense of sanity and order.
Just strong passwords and backup passwords is way stronger than 2FA anyway
It’s a widespread lack of courage which I think afflicts many areas of the western world right now. Instead of making things right, everyone just says well if you lose your password then it’s ok, just do x y and z and you can reset your password. Never mind the fact that this completely ruins the whole point of passwords and 2FA. People aren’t brave enough to just confront the plain fact that in order to have security, you have to let your customers deal with the bitter consequences of losing their passwords. Instead of rightly putting the burden of managing passwords on the consumer, we treat them like children at the expense of sanity and order.
Just strong passwords and backup passwords is way stronger than 2FA anyway
You are describing 1fa if SIM-swappinh is enough.
I’m sure a somewhat large team manages or has access to that account, and it’s possible that one of them fell for some social engineering attack. It’s still a bit shameful that country and state representatives cannot use better security practices, including two factor authentication.
BTW, the distribution of 500BTC to citizens could be a joke based on a past campaign statement by him that he would bring back all “black money” stashed abroad by Indian citizens and that would result in each Indian getting 15 Lakh rupees (1.5 million rupees) in their bank accounts. The actual wording of this promise was different, but it became a constant joke when he failed to get the claimed dirty money back. For comparison, the per capita income in India when that was announced was around 70,000 rupees.
BTW, the distribution of 500BTC to citizens could be a joke based on a past campaign statement by him that he would bring back all “black money” stashed abroad by Indian citizens and that would result in each Indian getting 15 Lakh rupees (1.5 million rupees) in their bank accounts. The actual wording of this promise was different, but it became a constant joke when he failed to get the claimed dirty money back. For comparison, the per capita income in India when that was announced was around 70,000 rupees.
A couple months ago, Twitter announced that all staff are required to use U2F for their accounts. Why not have this requirement for important accounts, as well?
Is saying 7.3 crore rather than 73 million common Indian vocabulary? Is there an equivalent for a hundred million or ten billion?
Yes. 'Crore' and 'Lakh' are very common in the Indian Subcontinent and parts of Middle East.
https://en.wikipedia.org/wiki/Indian_numbering_system
https://en.wikipedia.org/wiki/Indian_numbering_system
Yes, lakh,crores are a common part of language. For a billion, I believe it is "arab" and for a hundred billion, it is "kharab".
1 crore = 10 million
100 crore = 1 billion = 1 arab
100 arab = 0.1 trilion == 1 kharab
1 crore = 10 million
100 crore = 1 billion = 1 arab
100 arab = 0.1 trilion == 1 kharab
Though beyond the crore, most people wouldn't know what you were talking about.
Ambani is oftened referred to as an arabpati (a billionaire) at least in Hindi language media.
Kharab is more obscure as until now I thought a kharab was one trillion.
Kharab is more obscure as until now I thought a kharab was one trillion.
Arab and Kharab - https://en.wikipedia.org/wiki/Indian_numbering_system
How. I mean let's talk how.
I know twitter has security to disable password resets. Or, like there are extra precautions for important accounts and such. Read about that.
Short of someone copying the login from a browser, I don't see how this is possible. I would love to hear ideas
Edit: yeah, what about 2fa ?
I know twitter has security to disable password resets. Or, like there are extra precautions for important accounts and such. Read about that.
Short of someone copying the login from a browser, I don't see how this is possible. I would love to hear ideas
Edit: yeah, what about 2fa ?
Not the first time this has happened. Why isn’t there 2FA required for sign in?
When more than one person needs access, like say a social media team, then usually the 2FA has to be piped into some mechanism for the entire team to get it otherwise things get very frustrating very fast and then it gets turned off. So it’s entirely understandable that it’s either off or not as much of a preventative as you might think.
Twitter should implement a feature to allow different people to manage a shared account with a separately set up 2FA for each individual that needs access to the account. It would be entirely feasible to do so, and Twitter is a 36B USD company so they should be able to implement it.
This
Did somebody pegasus his password?
anshumankmr(4)
Is Twitter written in Java?
Looking at the security of twitter account, it looks like an insider job at Twitter. Unimaginable without inside help.