In Venezuela, for example, digital-rights group Access Now says it discovered recently that Twitter accounts belonging to a local journalist and a member of parliament and human-rights activist had been hijacked, using a procedure it calls “the Double Switch.”
The hackers then used the accounts to spread fake news, something that has been particularly problematic in Venezuela because of the political unrest there, including a government crackdown that involves online surveillance and censorship.
The journalist and the politician/activist both got in touch with a digital help-line that Access Now operates in a number of countries and asked for help in getting their accounts back.
According to the group, the Double Switch begins when a hacker gets access to the login credentials for an account, whether through a “phishing” attack (which often involves a phony email request pretending to be from the service itself) or through other means.
The hacker then resets the login name and password, as well as the recovery email, so that the original user can’t get access. Then the “double switch” begins.
First, the hacker changes the name on the Twitter account, Access Now says. Then later, they change the name back to the original account-holder’s name or “handle.” They can do this because once a Twitter account is deactivated, the name on the account is freed up for others to use.
By the time the second switch is activated, the hackers have full control, so any attempt by the original account holder to regain access fails, since emails and other messages from Twitter with password-reset information etc. go to the hacker.
Access Now says in its report that the victims worked with Twitter to regain access to their accounts, and were ultimately successful in doing so. But by then, much damage had been done.
In one case, the user’s account was deleted. In the other, some of the account-holder’s original tweets were deleted, and the account was used to spread misinformation about events in Venezuela.
The digital-rights group — which said that similar methods could theoretically be used to hijack an account on Facebook or Instagram as well as Twitter — asked for social-media companies to do more to make it easier for account-holders to get access to a hijacked account.
The group also recommended that Twitter and others have different methods for restricting access to an account, apart from what is called “two-factor authentication.”
Two-factor authentication uses two different methods to verify a user’s identity, such as a password and a special one-time code sent to a mobile phone. Activists in countries like Venezuela, however, might not want to have their phone associated with such an account, Access Now said, because it could open them up to surveillance and harassment.