New Delhi: Early on Sunday, a tweet sent from Prime Minister Narendra Modi’s Twitter account announced that “India has officially adopted bitcoin as legal tender”. The tweet, which comes as India is looking to prohibit private cryptocurrencies, was quickly deleted and the PM’s handle said the matter had been “escalated to Twitter”.
The national cybersecurity agency Computer Emergency Response System (Cert-In) has also launched a “full-scale investigation” to ascertain how the hack took place.
According to Twitter, however, the PM’s account was not compromised due to any breach in the social platform’s system.
“We have 24X7 open lines of communication with the PM’s Office and our teams took necessary steps to secure the compromised account as soon as we became aware of this activity,” a Twitter spokesperson told ThePrint via e-mail. “Our investigation has revealed that there are no signs of any other impacted accounts at this time.”
Notably, Twitter took responsibility last year when several high-profile accounts were compromised in a crypto scam.
While government officials are not ruling out a security lapse on Twitter’s part in this instance too, ThePrint spoke to experts who pointed out that the PM’s account could have been compromised due to more prosaic reasons — including a lack of two-factor authentication. Twitter guidelines, meanwhile, say the reasons for such instances may range from malware or a virus, to sharing the username/password with a malicious third-party website.
Also Read: PM Modi’s Twitter handle ‘briefly compromised’, tweets that Bitcoin now legal tender
If not a Twitter security lapse, then what?
According to Debayan Gupta, assistant professor of computer science at Ashoka University, Sonepat, it is “unlikely” that PM Modi’s account would have been compromised if two-factor authentication had been enabled.
He also told ThePrint that, ideally, for such an important account, an “air-gapped device” should be used — meaning that the device should be used only for Twitter and not for browsing other sites since this would make it harder for the account to be compromised.
Twitter also explains that accounts may be compromised by a “malicious third-party application or website” you have shared username and password with. It further warns that you should be “especially” cautious about sharing details with third parties who promise “to get you followers, make you money, or verify you”.
The microblogging site adds that compromises may also occur due to malware and viruses on the device, or a weak password that is easy to identify.
Twitter recommends setting a strong password not used anywhere else, and enabling two-factor authentication so that logging in requires, in addition to a password, another factor like a security code. Security keys are another effective option.
According to a transparency report released by Twitter in July this year, only 2.3 per cent of active users reported using at least one method of two-factor authentication between June and December 2020.
When Twitter did own up
In July 2020, the Twitter accounts of Jeff Bezos, Bill Gates, Joe Biden, Elon Musk, and Barack Obama were all compromised and sent out tweets asking followers to send them bitcoin to get double the returns.
In that instance, Twitter acknowledged that the hackers targeted a few employees by calling them and tricking them into sharing their usernames and passwords.
“A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools,” Twitter said about the hacking incident, in which 130 accounts in all were targeted, “ultimately tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter data of 7″.
Prayukth K.V., marketing head of Sectrio, the cybersecurity division of Bengaluru-based telecom analytics firm Subex, told ThePrint that the PM’s account being compromised is similar to the 2020 incident.
“The hackers are sending a message to the government that a) we will strike you at will and b) you cannot stop crypto currencies through legislation…This is a way in which hackers can generate awareness on bitcoins and then use the hype to scam people,” Prayukth said.
However, Twitter, as mentioned earlier, has maintained that, in the Modi case, the breach is not due to a breach in its systems.
When told about this, a senior government official said it is too early to rule out a security lapse at Twitter’s end.
“This is similar to the manner in which some other high-value accounts have been compromised in the past. Previously hackers have got through to the accounts of Donald Trump, Elon Musk, Jack Dorsey and Jeff Bezos. The handle @narendramodi_in was compromised last year similarly,” said the official on condition of anonymity.
“The hacking is being investigated to determine possible location from where the attacks emanated and identify factors that may have caused the breach in Twitter’s servers, compromising the Prime Minister’s account,” the official added.
What happened?
In the early hours of 12 December, the account of India’s most followed Twitter user and the world’s “most followed head of state” tweeted: “India has officially adopted bitcoin as legal tender”.
About an hour after the fake tweet was sent, the Prime Minister’s office tweeted: “The Twitter handle of PM @narendramodi was very briefly compromised. The matter was escalated to Twitter and the account has been immediately secured. In the brief period that the account was compromised, any tweet shared must be ignored.”
(Edited by Asavari Singh)
Also Read: From ‘I had idli’ to political megaphone, how tiny Twitter punches above its weight in India