New Delhi: The hacking of Prime Minister Narendra Modi’s Twitter account on 12 December is not the first instance that has exposed serious lapses in the company’s data security measures. The recent development has also led to concerns among the security establishments regarding how large companies are being allowed to escape accountability for their “lapses”, as such a “hijack” of the PM’s Twitter account can cause major financial and strategic damage.
In a similar case that happened in the United States, Twitter was severely indicted for these lapses. In June 2010, Twitter entered into a settlement with the US Federal Trade Commission (FTC) after the FTC filed a complaint against Twitter for “deceiving consumers and putting their privacy at risk by failing to safeguard their personal information”.
The FTC was forced to initiate the action against Twitter after serious lapses in the company’s data security allowed hackers to obtain unauthorized administrative control of Twitter, including access to non-public user information and tweets that consumers had designated private.
It also allowed hackers the ability to send out phony tweets from any account, including those belonging to then-President-elect Barack Obama and Fox News, among others.
Under the terms of the settlement, the FTC barred Twitter for 20 years from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of non-public consumer information, including the measures it takes to prevent unauthorized access to non-public information and honour the privacy choices made by consumers.
The FTC also ordered Twitter to ensure that it establishes and maintains a comprehensive information security program, which will need to be assessed by an independent auditor every other year for 10 years.
In the present incident involving the hacking of the Indian PM’s account, sources in Twitter told The Sunday Guardian that as per their investigations, “It appears that the account was not compromised due to any breach of Twitter’s systems”, thereby indicating that the lapses that led to the “compromise” of his account occurred on the side of the officials who handle the PM’s Twitter account.
While sharing the company’s response, a Twitter spokesperson told The Sunday Guardian, “We have 24X7 open lines of communication with the PM’s Office and our teams took necessary steps to secure the compromised account as soon as we became aware of this activity. Our investigation has revealed that there are no signs of any other impacted accounts at this time.”
On 12 December, Modi’s Twitter account was hacked and used to post a message saying India had adopted bitcoin as legal tender and would distribute it to all citizens. The tweet was later deleted, and a statement from the Prime Minister’s Office said that the “account was very briefly compromised”.
This is not the first time that the Prime Minister’s account has been hacked. Earlier, in September 2020, it was hacked by an unknown group which posted messages seeking donations for the PM National Relief Fund through cryptocurrencies.
In 2010, the Federal Trade Commission had found that, contrary to its statements regarding the safety of its users, Twitter had engaged in a number of practices that, “taken together, failed to provide reasonable and appropriate security to: prevent unauthorized access to non-public user information and honour the privacy choices exercised by its users in designating certain tweets as non-public. In particular, Twitter failed to prevent unauthorized administrative control of the Twitter system”.
The FTC had found that between January and May 2009, intruders exploited the failures in Twitter to obtain unauthorized administrative control of the Twitter system. Through this administrative control, the intruders were able to: (1) gain unauthorized access to non-public tweets and non-public user information, and (2) reset any user’s password and send unauthorized tweets from any user account.
Intruders were able to send unauthorized tweets from user accounts, including one tweet, purportedly from Barack Obama, that offered his more than 150,000 followers a chance to win $500 in free gasoline, in exchange for filling out a survey. Unauthorized tweets also were sent from eight other accounts, including the Fox News account.