Taking too long? Close loading screen.
Connect with us

Tech

Twitter hack probe leads to call for cybersecurity rules for social media giants

Published

on

An investigation into this summer’s Twitter hack by the New York State Department of Financial Services (NYSDFS) has ended with a stinging rebuke for how easily Twitter let itself be duped by a “simple” social engineering technique — and with a wider call for key social media platforms to be regulated on security.

In the report, the NYSDFS points, by way of contrasting example, to how quickly regulated cryptocurrency companies acted to prevent the Twitter hackers scamming even more people — arguing this demonstrates that tech innovation and regulation aren’t mutually exclusive.

Its point is that the biggest social media platforms have huge societal power (with all the associated consumer risk) but no regulated responsibilities to protect users.

The report concludes this is a problem U.S. lawmakers need to get on and tackle stat — recommending that an oversight council be established (to “designate systemically important social media companies”) and an “appropriate” regulator appointed to ‘monitor and supervise’ the security practices of mainstream social media platforms.

“Social media companies have evolved into an indispensable means of communications: more than half of Americans use social media to get news, and connect with colleagues, family, and friends. This evolution calls for a regulatory regime that reflects social media as critical infrastructure,” the NYSDFS writes, before going on to point out there is still “no dedicated state or federal regulator empowered to ensure adequate cybersecurity practices to prevent fraud, disinformation, and other systemic threats to social media giants”.

“The Twitter Hack demonstrates, more than anything, the risk to society when systemically important institutions are left to regulate themselves,” it adds. “Protecting systemically important social media against misuse is crucial for all of us — consumers, voters, government, and industry. The time for government action is now.”

We’ve reached out to Twitter for comment on the report

Among the key findings from the Department’s investigation are that the hackers broke into Twitter’s systems by calling employees and claiming to be from Twitter’s IT department — through which simple social engineering method they were able to trick four employees into handing over their log-in credentials. From there they were able to access the Twitter accounts of high profile politicians, celebrities, and entrepreneurs, including Barack Obama, Kim Kardashian West, Jeff Bezos, Elon Musk, and a number of cryptocurrency companies — using the hijacked accounts to tweet out a crypto scam to millions of users.

Twitter has previously confirmed that a “phone spear phishing” attack was used to gain credentials.

Per the report, the hackers’ “double your bitcoin” scam messages, which contained links to make a payment in bitcoins, enabled them to steal more than $118,000 worth of bitcoins from Twitter users.

Although a considerably larger sum was prevented from being stolen as a result of swift action taken by regulated crypto companies — namely: Coinbase, Square, Gemini Trust Company and Bitstamp — who the Department said blocked scores of attempted transfers by the fraudsters.

“This swift action blocked over 6,000 attempted transfers worth approximately $1.5 million to the Hackers’ bitcoin addresses,” the report notes.

Twitter is also called out for not having a cybersecurity chief in post at the time of the hack — after failing to replace Michael Coates, who left in March. (Last month it announced Rinki Sethi had been hired as CISO).

“Despite being a global social media platform boasting over 330 million average monthly users in 2019, Twitter lacked adequate cybersecurity protection,” the NYSDFS writes. “At the time of the attack, Twitter did not have a chief information security officer, adequate access controls and identity management, and adequate security monitoring — some of the core measures required by the Department’s first-in-the-nation cybersecurity regulation.”

European Union data protection law already bakes in security requirements as part of a comprehensive privacy and security framework (with major penalties possible for security breaches). However an investigation by the Irish DPC of a 2018 Twitter security incident is still yet to conclude after a draft decision failed to gain the backing of the other EU data watchdogs this August — triggering a further delay to the pan-EU regulatory process.

Source

Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Tech

Conquer Your Pup’s Dander and Fur With $700 Off a Cobalt or Charcoal Bobsweep PetHair Plus Robot Vacuum

Published

on

Best Home DealsBest Home DealsThe best home, kitchen, smart home, and automotive deals from around the web, updated daily.

Bobsweep PetHair Plus Robot Vacuum & Mop (Cobalt) | $200 | Best Buy

Bobsweep PetHair Plus Robot Vacuum & Mop (Charcoal) | $200 | Best Buy

Allergies can be bad enough as the seasons change. Don’t let pet hair and dander add to that by vacuuming it up early and often. That chore is easier said than done— unless you have a robot vacuum to do the work for you. This lovely bright cobalt Bobsweep PetHair Plus robot vacuum and mop, only $200 today at Best Buy seems like an ideal option. That’s a whopping $700 off, by the way.

Advertisement

You can get the same deal for the charcoal version of the robot vac, too. This model is not only specially made for picking up pet hair, it self docks and charges when it’s finished with the work.

It also comes with a mop attachment, so it can take care of those kitchen floors for you as well. Grab it while it’s still available for this fantastic price!

Advertisement


Source

Continue Reading

Tech

Apple will replace AirPods Pro for free with faulty noise cancellation, static or crackling

Published

on

Today, exactly one year after Apple first launched the AirPods Pro — and thus the same day the very first AirPods Pro owners will see their one-year warranties expire — Apple has launched a repair program that offers free repairs or replacements for another whole year if your AirPods Pro experience issues with noise cancellation or static.

Specifically, Apple will fix:

Crackling or static sounds that increase in loud environments, with exercise or while talking on the phone

Active Noise Cancellation not working as expected, such as a loss of bass sound, or an increase in background sounds, such as street or airplane noise

Apple says only a “small percentage of AirPods Pro” are affected by the issues, but it apparently wasn’t just an early batch — Apple says affected units were manufactured “before October 2020,” meaning every AirPods Pro ever made might be eligible. That’s quite a recall if so. Apple says it will repair faulty AirPods Pro for two years after you first buy them.

We’ve heard complaints about degraded noise cancellation before, and at least one Verge editor has replaced their AirPods Pro under warranty. It’s nice to hear that Apple isn’t just cutting buyers off as soon as that warranty expires.

Source

Continue Reading

Tech

This 55″ 4K TCL Smart TV Hangs on Your Wall for $200

Published

on

Best Tech DealsBest Tech DealsThe best tech deals from around the web, updated daily.

TCL 55″ S434 4K Smart TV | $200 | Best Buy

Best Buy has an insane deal going for a brand new 55″ 4K TCL smart TV. It’s the S434, which is pretty baseline for TCL’s lineup, but at just $200, there’s little to complain about. TCL’s panels are plenty sharp and accurate, and with this set, you’ll get HDR10 compliance for enhanced color and brightness in supported games and video content. This model has Android TV onboard for all your app needs, and with an included voice remote, all your favorite content is just a shout away with the help of Google Assistant.

Advertisement


Source

Continue Reading

Trending