You may have missed the story as you were leaving early last Friday for the long holiday weekend: Jack got hacked.
Jack, of course, is Jack Dorsey, CEO and co-founder of Twitter and Square. And ‘hacked’, in this instance, means that there were a number of inappropriate tweets that seemingly originated from his personal Twitter account. Twitter “regained control” of the account after about 15 minutes, but the damage was already done.
It’s worth examining exactly how the hackers gained access to Jack’s personal Twitter account. One might suspect that the highly visible CEO of a technology company would have best available security safeguards in place, and that any “hack” aimed at such an individual would require a tremendous amount of technical skill, coordination and resources.
Those suspicions would be wrong. The technique the hackers used was surprisingly simple and shockingly prevalent, especially in markets that have a majority of users with pre-paid mobile phone services: a SIM swap.
A SIM swap occurs when a fraudster, using a victim’s personal information gleaned off the dark web or other available sources, calls the victim’s mobile network operator (AT&T or T-Mobile, for example), and impersonating the victim, has the mobile network operator transfer the victim’s phone number to a different mobile device that is in the fraudster’s possession. Read full post