Explaining how social media accounts are hacked
As the news of Congress Party and its Vice President Rahul Gandhi's Twitter accounts being hacked spread like wildfire on Thursday, cyber experts were not surprised. The phenomenon is quite common across the globe where hackers are always a step ahead when it comes to data breach—be it a social media platform or your financial information.
When it comes to celebrities, Facebook CEO Mark Zuckerberg, Twitter CEO Jack Dorsey, Google CEO Sundar Pichai, Twitter co-founder and former CEO Evan Williams, US Actor-singer Jack Black—even the late Beatle George Harrison—have seen their social media accounts being hacked in recent times.
Even social networking websites with two-step verification procedures are not secure anymore as hackers have evolved various strategies to steal personal information from computers, laptops or smartphones.
"There may be a possibility that Rahul Gandhi's Twitter account was logged into from an unsecured computer or a device that did not have a next-generation firewall, updated anti-virus software or from a compromised IP address. This situation is a boon for hackers who are always searching for security flaws and hack into the social media accounts of celebrities and political leaders," Anoop Mishra, one of the nation's leading social media experts, said.
According to Saket Modi, Co-founder and CEO of IT risk assessment and digital security services provider Lucideus, the recent hack (of both Congress Party and its Vice President's Twitter accounts) can be a result of any one of two possibilities.
"It can either be a potential backdoor (malware) being present on a computer system on which both the accounts might have been simultaneously accessed, or this can be a long, persistent and targeted attack (spear phishing in most cases) on the political party. In both instances, I am certain there is more data in the hands of the hackers than just account access that might be released in due course of time," Modi said.
"The only two parties responsible for the security of a social media account are the social media provider (in this case Twitter) and the owner of the account. As these are just two accounts that have been compromised and misused, it is safe to assume that the exploited vulnerability was not present on the side of Twitter," Modi added.
There are several infamous groups busy working day and night to hack into social media accounts—be it Legion, that claimed to have hacked into Rahul Gandhi's Twitter account, or OurMine, that compromised the Twitter accounts of Zuckerberg, Dorsey, Pichai and others.
The most popular website among hackers is LeakedSource.com which compiles the databases for publicly available hacks of usernames, passwords and email addresses from every major website security breach over the last few years, say media reports.
For a country like India that is transitioning to a digital era, experts feel there is a need for stronger cyber laws to minimise such cyber-bullying risks.
"India still does not have a dedicated legislation on cyber security or bullying when it comes to social media platforms. Given its vision of becoming an IT superpower, the country needs to have a dedicated cyber security law on this at the earliest," Pavan Duggal, one of the nation's top cyber law experts and a senior Supreme Court advocate, said.
The Information Technology Act, 2000, was amended in 2008. By the 2008 amendments, certain cosmetic changes concerning cyber security were made to the Information Technology Act, 2000.
"These amendments are not sufficient and adequate in today's scenario. Further, the cyber security breach ecosystem ground realities are distinctly different in 2016 as compared to 2008. As such, there is a distinct need for India to beef up its legal frameworks on cyber security and cyber bullying," Duggal added.
People need to adopt various cyber hygiene methodologies to avoid online data stealing.
"Having in place an updated anti-virus software on your computer system is a critical component. There are several encrypted data services available which can be used abroad. Company executives should only access HTTPs sites—being secure sites," Duggal suggested.
"If you're accessing something sensitive on public Wi-Fi, try to do it on an SSL (Secure Socket Layer) encrypted websites. The HTTPs browser extension can reduce the risk by redirecting you to an encrypted page when available," Mishra explained.
Turn off file/computer/network sharing and avoid using specific websites where there's a chance that cyber criminals could capture your identity, passwords or personal information.
"Make all new PIN and account passwords different and difficult to guess. Include upper and lower case letters, numbers and symbols to make passwords harder to crack online," suggested Sunil Sharma, Vice President-Sales and Operations (India & SAARC), Sophos, a global leader in network and endpoint security.
(The views expressed in this article are strictly personal.)