20.5k unique visitors in the last 3 days

SIM Swappers Tweet from Twitter CEO’s Account

The hackers known as ChucklingSquad have repeated their SIM swapping tricks with Jack Dorsey, founder and CEO of Twitter, becoming their latest victim.

Fresh from taking control of the social media accounts of popular YouTubers, the SIM swappers who call themselves ChucklingSquad have tweeted rude messages from the Twitter account of Jack Dorsey, founder and CEO of Twitter (pictured). As you might expect, Twitter later ‘resolved’ the issue by blaming a telco.

Forbes and many other sources have stated that AT&T provides Dorsey’s mobile phone service. That would be consistent with ChucklingSquad’s modus operandi, though it is unclear why the hacker has not swapped SIMs on other networks. But instead of pointing fingers immediately at AT&T, why are none of these journalists asking why everybody seemingly knows Dorsey’s network provider and phone number? More importantly, why is a tech billionaire ranked 343rd richest in the world incapable of employing someone in his own business to enhance security?

It should come as no surprise that Twitter behaves like they are literally incapable of doing anything to improve the security and privacy of their own service. They epitomize the woeful security culture that dominates most consumer technology businesses. More and more services were launched where passwords were the only way to authenticate users. Then business leaders were shocked – SHOCKED! – to discover that some people had passwords like 12345 or PASSWORD. There have been so many data breaches that having a password is almost pointless, because hackers do a better job of maintaining a list of all your old passwords than you ever can. Unable to rely on passwords any more, tech businesses took the next most laziest approach to authenticating customers. They assumed a mobile phone number is the same as a person, and decided that everything they offer – social media, OTT comms, online banking, cryptocurrency wallets – should be accessible to the person who controls that number. What could possibly go wrong?

I almost wish that American telcos would impose the blindly simplistic solution that so many are demanding, by making it harder for anyone – including ordinary customers – to replace a lost or stolen SIM. The USA is a country with such low expectations that many politicians seriously argue it is too much of a burden to expect citizens to present photo ID before they vote. So how should telcos verify customers? Should they impose a higher standard than voting laws? The American Civil Liberties Union says that asking for photo ID “disproportionately” affects “low-income, racial and ethnic minorities, the elderly, and people with disabilities”. Should phone companies be disproportionately denying their services to these individuals as well? And how would we feel about black, poor and old people being locked out of every online service because they were denied a new SIM?

SMS messages were never designed to be the key that unlocked every service that tech firms wanted to throw at customers over the internet. But that is how SMS messages are now being used and abused. Instead of bowing to public pressure, telcos should let the SIM swap scandals keep flowing. Eventually customers will ask why tech billionaires like Dorsey are too cheap and too slapdash to implement security that does not disproportionately rely on businesses they do not control.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email