Good day. You’re only as strong as your weakest link, the conventional cyber-wisdom goes. As the July 15 attack at
shows, sometimes employees are that flimsy link. Authorities say a 17-year-old in Florida called Twitter employees and got them to divulge details that eventually led to the compromise of 130 accounts. The teen is one of three males charged in connection with the hack, The Wall Street Journal reports.
says it expects to work out a deal to buy TikTok by mid-September; lawmakers want the FTC to examine practices in the mobile ad industry; sports stadiums bet on facial recognition; cyber experts can be paired with election officials to improve security; and medical researcher pleads guilty to selling secrets to China.
Plus: Who lacks final authority for security policy but gets blamed for breaches? The CISO, according to one study.
Twitter Hack: What Happened
Three people are charged in Twitter hack. Twitter’s worst-ever hack began May 3 with a teenager on a telephone, according to an indictment filed Friday by federal authorities charging three males in connection with the July 15 episode.
Graham Ivan Clark, of Tampa, Fla., was arrested and charged as an adult Friday with orchestrating the hack that sent Twitter’s security team scrambling. As the world watched, prominent accounts, including those of Joe Biden, Elon Musk, and Apple, were taken over to promote a cryptocurrency scam.
On Thursday, Twitter said the hackers talked their way into the company’s computer network, calling up employees and using “social engineering” techniques to trick them into divulging information.
They used that knowledge to access other parts of the system, ultimately gaining the ability to circumvent Twitter’s protections and reset the passwords of dozens of user accounts.
Mr. Clark sold access to Twitter accounts to brokers who would then find buyers for them. Mr. Clark himself took over 17 high-profile accounts, including those of Bill Gates, Barack Obama and Mr. Musk, using them to make more than $100,000 promoting a bitcoin scam, said Hillsborough County, Fla., State Attorney Andrew Warren.
Security professionals who said that the cybersecurity chief is ultimately held responsible for breaches, according to research from
and Ponemon Institute. By contrast, just 27% said that the chief is the security policy and technology decision-maker. The study looked at 500 data breaches that occurred between August 2019 and April 2020.
More Cyber News
Trump to give ByteDance 45 days to devise deal for TikTok: Report. Talks between the Chinese company and Microsoft, which reportedly seeks to buy the video-sharing app, will be monitored by the Committee on Foreign Investment in the United States, Reuters reports, citing sources familiar with the matter. The parties didn’t respond to the news site’s requests for comment. Microsoft said in a blog post Sunday that it is committed to reaching an agreement, The WSJ reports. Chief Executive Satya Nadella spoke by phone with President Trump about the possible deal. U.S. officials have expressed concerns that TikTok could pass on the data it collects from Americans to China’s authoritarian government. TikTok has said it would never do so.
Lawmakers urge FTC probe of mobile ad industry’s tracking of consumers. The complaint sent to the FTC on Friday cites a little-known practice of using what is called “bidstream” data derived from the ads that appear on websites and in mobile applications to obtain sensitive information about consumers that can include their real-world locations and information about their age and gender, The Wall Street Journal reports.
Information is packaged, sold by data brokers. The letter cites one data broker, Mobilewalla, which used such data to analyze the demographics of attendees at recent Black Lives Matter protests. The company’s CEO, Anindya Datta, in 2017 said that it uses mobile location to identify Americans who visited places of worship, to build advertising profiles that can be targeted at religious Americans.
More on Privacy: Facial Recognition’s Next Big Play: the Sports Stadium
Match-making app in development for election officials and cyber volunteers. The University of Chicago is building a database to match local election authorities to cybersecurity and technology experts who want to volunteer to help improve the security of voting systems, Dark Reading reports. A volunteer application form asks about key skills.
Medical researcher pleaded guilty to selling scientific secrets to China. Li Chen worked at Ohio’s Nationwide Children’s Hospital’s Research Institute, InfoSecurity Magazine reports. She and her husband, who also worked at the facility, were arrested in 2019 by U.S. authorities and accused of stealing and selling cellular research to the Chinese government. Ms. Chen pleaded guilty to theft of trade secrets and attempt or conspiracy to commit mail fraud.