Incident: Twitter CEO Jack Dorsey's Account Hacked via Sim Swap Attack

Published Date: 2019-08-30

Postmortem Analysis
Timeline
1. The software failure incident of Jack Dorsey's Twitter account being hacked and briefly hijacked happened on August 30, 2019 [Article 88199].

System
The system that failed in the software failure incident reported in Article 88199 was:
1. Mobile phone company's security oversight that led to the compromise of the phone number associated with Jack Dorsey's Twitter account, allowing unauthorized access and tweets to be sent [88199].

Responsible Organization
1. The hackers known as the "Chuckling Squad" were responsible for causing the software failure incident by hijacking Jack Dorsey's Twitter account [Article 88199].

Impacted Organization
1. Jack Dorsey's Twitter account [88199].

Software Causes
1. The software cause of the failure incident was a security oversight by the mobile provider, which allowed an unauthorized person to compose and send tweets via text message from the phone number associated with Jack Dorsey's Twitter account [88199].

Non-software Causes
1. The hack on Jack Dorsey's Twitter account was caused by a security oversight by his mobile phone company, allowing an unauthorized person to compose and send tweets via text message from the phone number [88199].

Impacts
1. The Twitter account of Jack Dorsey was hacked and hijacked, leading to the publication of tweets containing racial slurs, profanity, praise for Adolf Hitler, and a reference to a bomb threat at Twitter HQ [88199].
2. The hack resulted in Twitter confirming the breach and regaining control of the account within 30 minutes, attributing the fault to Dorsey's mobile phone company due to a security oversight that allowed an unauthorized person to send tweets via text message from the compromised phone number [88199].
3. The incident highlighted the vulnerability of mobile phone numbers to Sim swap attacks, where hackers can convince mobile phone carriers to switch a phone number to a different Sim card, gaining control of the phone number and potentially accessing social media accounts with two-factor authentication [88199].

Preventions
1. Implementing stronger authentication measures beyond just two-factor authentication, such as biometric authentication or hardware security keys, could have prevented the Sim swap attack that led to the Twitter account hack [88199].
2. Mobile phone companies should enhance their security protocols to prevent unauthorized Sim swaps, possibly by implementing stricter verification processes for such requests [88199].
3. Regular security audits and monitoring of accounts, especially those of high-profile individuals like CEOs, could help detect and prevent unauthorized access or breaches before they escalate [88199].

Fixes
1. Implement stronger authentication measures beyond just SMS-based two-factor authentication to prevent unauthorized access to accounts [88199].
2. Mobile phone companies should enhance security protocols to prevent Sim swap attacks, such as implementing stricter verification processes before transferring phone numbers to different Sim cards [88199].

References
1. Twitter spokesperson [Article 88199]
2. Twitter's official statement [Article 88199]
3. Discord server linked to by the hackers [Article 88199]
4. US Senate intelligence committee [Article 88199]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization (a) This incident involving the hacking of Jack Dorsey's Twitter account is not the first time his account has been compromised. In 2016, a hacking group known as OurMine Security took over the accounts of numerous celebrities and tech executives, including Dorsey [88199]. (b) The article mentions that Dorsey is not the first technology CEO to suffer the embarrassment of a personal hack. This incident is part of a trend where accounts of various celebrities and tech executives, such as Mark Zuckerberg, Sundar Pichai, and Travis Kalanick, have been compromised in the past [88199].
Phase (Design/Operation) design, operation (a) The software failure incident related to the design phase can be attributed to the security oversight by the mobile provider associated with Jack Dorsey's Twitter account. Twitter attributed the fault for the hack to Dorsey's mobile phone company, stating that the phone number associated with the account was compromised due to a security oversight by the mobile provider [88199]. (b) The software failure incident related to the operation phase can be linked to the Sim swap attack that allowed the hackers to gain control of Jack Dorsey's Twitter account. The Sim swap attack involved convincing a mobile phone carrier to switch a particular phone number to a different Sim card, giving the hacker control of the phone number [88199].
Boundary (Internal/External) within_system, outside_system (a) within_system: The software failure incident involving the hacking of Jack Dorsey's Twitter account was attributed to a security oversight by the mobile provider, which allowed an unauthorized person to compose and send tweets via text message from the phone number associated with the account. This issue was resolved by Twitter, indicating that the failure originated from within the system [88199]. (b) outside_system: The hack on Jack Dorsey's Twitter account was achieved through a Sim swap attack, where a hacker convinced the mobile phone carrier to switch the phone number to a different Sim card, giving the hacker control of the phone number. This external manipulation of the mobile provider's system allowed the hackers to breach Twitter's system and compromise Dorsey's account [88199].
Nature (Human/Non-human) non-human_actions (a) The software failure incident in this case occurred due to non-human actions. The Twitter account of Jack Dorsey was hacked and briefly hijacked by the "Chuckling Squad" hackers. The hack was attributed to a security oversight by the mobile provider, which allowed an unauthorized person to compose and send tweets via text message from the compromised phone number [88199].
Dimension (Hardware/Software) hardware, software (a) The software failure incident related to hardware: - The Twitter account of Jack Dorsey was hacked and hijacked due to a security oversight by the mobile provider, which allowed an unauthorized person to compose and send tweets via text message from the compromised phone number [Article 88199]. (b) The software failure incident related to software: - The hack on Jack Dorsey's Twitter account was attributed to a Sim swap attack, where a hacker convinced the mobile phone carrier to switch the phone number to a different Sim card, giving the hacker control of the phone number [Article 88199].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident in this case was malicious. The Twitter account of Jack Dorsey was hacked by a group calling themselves the "Chuckling Squad" who posted offensive tweets, including racial slurs, profanity, and bomb threats. The hackers also shared a link to a Discord server where they boasted about the hack. The hack was attributed to a Sim swap attack, where the hackers convinced Dorsey's mobile phone company to switch his phone number to a different Sim card, giving them control of the account [88199].
Intent (Poor/Accidental Decisions) poor_decisions, accidental_decisions (a) The software failure incident involving the hacking of Jack Dorsey's Twitter account was primarily due to poor decisions made by his mobile phone company. Twitter attributed the fault for the hack to Dorsey's mobile phone company, stating that "The phone number associated with the account was compromised due to a security oversight by the mobile provider" [Article 88199]. This security oversight allowed an unauthorized person to compose and send tweets via text message from the phone number, leading to the hijacking of the account. (b) Additionally, the incident involved accidental decisions or mistakes on the part of the mobile phone carrier's employees who were likely tricked or bribed into facilitating the Sim swap attack. The article mentions that Sim swaps often occur when a hacker convinces a mobile phone carrier, often through bribery or trickery of low-level employees, to switch a particular phone number to a different Sim card, giving the hacker control of the phone number [Article 88199]. This indicates that the hack was facilitated by accidental decisions or mistakes made by the carrier's employees.
Capability (Incompetence/Accidental) development_incompetence, accidental (a) The software failure incident related to development incompetence is evident in the article as it mentions that the Twitter account of Jack Dorsey was hacked and briefly hijacked. The hack was attributed to a security oversight by the mobile provider, which allowed an unauthorized person to compose and send tweets via text message from the phone number associated with the account. This oversight by the mobile provider can be considered a failure due to contributing factors introduced due to lack of professional competence [88199]. (b) The software failure incident related to accidental factors is also present in the article. The hack was achieved through a Sim swap attack, where a hacker convinced the mobile phone carrier to switch the phone number to a different Sim card, giving the hacker control of the phone number. This type of attack can be considered accidental in the sense that it exploits vulnerabilities in the system that may not have been intentionally designed but exist due to the nature of the technology and human error [88199].
Duration temporary (a) The software failure incident in this case was temporary. Jack Dorsey's Twitter account was hacked and briefly hijacked, with the hackers posting tweets containing racial slurs, profanity, and other inappropriate content. Twitter confirmed the hack and regained control of the account within 30 minutes, attributing the fault to Dorsey's mobile phone company. The issue was resolved after the unauthorized person was able to send tweets via text message from the compromised phone number. The incident was not a permanent failure as Twitter was able to regain control and address the security oversight that led to the hack [88199].
Behaviour crash, value, other (a) crash: The software failure incident in the article can be categorized as a crash. Jack Dorsey's Twitter account was hacked, leading to a situation where the system lost control and started publishing unauthorized tweets, including racial slurs, profanity, and bomb threats. This behavior is indicative of a crash where the system was not performing its intended functions but instead was taken over by hackers, causing it to lose control and publish inappropriate content [Article 88199]. (b) omission: There is no specific mention of the software failure incident being categorized as an omission in the articles. (c) timing: The incident does not align with a timing failure where the system performs its intended functions but at the wrong time. (d) value: The software failure incident can be associated with a value failure. The unauthorized access to Jack Dorsey's Twitter account led to the system performing its intended functions incorrectly by publishing tweets containing racial slurs, profanity, and bomb threats, which were not part of the intended use of the account [Article 88199]. (e) byzantine: The incident does not exhibit characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. (f) other: The other behavior exhibited in this software failure incident is unauthorized access leading to a security breach. The hackers gained control of Jack Dorsey's Twitter account through a Sim swap attack, which involved compromising the phone number associated with the account. This unauthorized access resulted in the system behaving in a way not intended, allowing the hackers to publish tweets on behalf of Dorsey [Article 88199].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, non-human, no_consequence, theoretical_consequence (a) death: There is no mention of any individuals losing their lives due to the software failure incident reported in the article [88199]. (b) harm: There is no mention of any individuals being physically harmed due to the software failure incident reported in the article [88199]. (c) basic: There is no mention of people's access to food or shelter being impacted because of the software failure incident reported in the article [88199]. (d) property: The software failure incident resulted in the unauthorized use of Jack Dorsey's Twitter account to publish offensive tweets, including bomb threats, racial slurs, and praise for Adolf Hitler. This impacted Dorsey's personal account and reputation [88199]. (e) delay: There is no mention of people having to postpone an activity due to the software failure incident reported in the article [88199]. (f) non-human: The software failure incident involved the hacking of Jack Dorsey's Twitter account, which is a non-human entity. The hackers posted offensive tweets and bomb threats using Dorsey's account [88199]. (g) no_consequence: The software failure incident had real observed consequences, such as offensive tweets being posted from Jack Dorsey's Twitter account and the potential security breach [88199]. (h) theoretical_consequence: There were potential consequences discussed, such as the possibility of a Sim swap attack enabling hackers to change a target's social media passwords and intercept two-factor authentication messages. However, it is mentioned that Twitter confirmed no indication that their systems were compromised [88199]. (i) other: There is no mention of any other specific consequences of the software failure incident reported in the article [88199].
Domain information (a) The software failure incident involving the hacking of Jack Dorsey's Twitter account is related to the information industry. Twitter is a social media platform primarily used for the production and distribution of information [Article 88199].
