Telco Security
High Severity | SIM Swapping | Social Engineering | August 2019

Twitter CEO SIM Swap Attack (2019)

High-profile SIM swapping attack targeting Twitter CEO Jack Dorsey, resulting in unauthorized posts to his Twitter account and highlighting critical vulnerabilities in SMS-based authentication systems.

  • Date: Aug 30, 2019 (several hours duration)
  • Victims: 1 (high-profile target)
  • Financial Impact: $100K+ (incident response costs)
  • Region: USA (United States)

Attack Summary

Background

On August 30, 2019, Twitter CEO Jack Dorsey's account was compromised through a SIM swapping attack. The attack became public when unauthorized tweets appeared on his verified Twitter account, exposing vulnerabilities in SMS-based two-factor authentication and carrier security procedures.

Discovery

The attack was discovered when offensive tweets appeared on @jack's account. Twitter's security team quickly identified the compromise and began incident response procedures. The attack was part of a broader trend of SIM swapping attacks targeting high-profile individuals.

Scope

While only one account was directly compromised, the incident had far-reaching implications for SMS-based authentication security, carrier verification procedures, and the security of high-profile accounts across all platforms.

Attack Methodology

Attack Method

Social engineering followed by SIM card transfer

  • Attackers gathered personal information about Jack Dorsey through OSINT
  • Used social engineering to convince carrier representatives
  • Transferred phone number to attacker-controlled SIM card
  • Bypassed SMS-based 2FA to access Twitter account

Carrier Compromise

The attackers successfully convinced mobile carrier customer service representatives to transfer Jack Dorsey's phone number to a SIM card controlled by the attackers. This was achieved through social engineering techniques and potentially insider assistance.

Account Takeover Process

  1. Phone number transferred to attacker's SIM card
  2. SMS-based password reset initiated for Twitter account
  3. Reset code received on attacker-controlled phone
  4. Account access gained through Cloudhopper service
  5. Unauthorized tweets posted to @jack account

Posting Mechanism

The unauthorized tweets were posted through Cloudhopper, a service that allows posting to Twitter via SMS. This added a layer of complexity to the attack and demonstrated the attackers' knowledge of Twitter's infrastructure.

Attack Timeline

  • 15:00: SIM Swap Executed. Phone number transferred to attacker's SIM card
  • 15:30: Account Compromise. Twitter account accessed via SMS-based authentication
  • 15:45: Unauthorized Posts. Offensive tweets posted to @jack account
  • 16:15: Attack Detected. Twitter security team identifies and responds to incident
  • 17:00: Service Restored. Account secured and unauthorized content removed

Impact Assessment

Financial Impact

  • Direct Costs: $100K+ (incident response)
  • Stock Impact: Temporary negative impact on Twitter stock price
  • Regulatory Attention: Increased scrutiny from regulators

Operational Impact

  • Service Disruption: Brief disruption to high-profile account
  • Reputation Damage: Significant impact for Twitter and carrier
  • Security Review: Comprehensive authentication mechanism review

Privacy Impact

  • Data Exposed: Phone number control, account access
  • Public Exposure: Offensive content posted to millions of followers
  • Trust Impact: Reduced confidence in SMS-based 2FA

Lessons Learned

Key Lessons

  • SMS-based 2FA is vulnerable to SIM swapping attacks
  • High-profile individuals require enhanced security measures
  • Social engineering remains a significant threat vector
  • Need for multi-layered authentication approaches
  • Importance of rapid incident detection and response

Preventive Measures

  • Use App-Based 2FA: Replace SMS-based 2FA with app-based authenticators or hardware security keys
  • Carrier Account Protection: Implement carrier account PINs and additional verification procedures
  • Behavioral Analysis: Deploy behavioral analysis for account access patterns and anomaly detection
  • Enhanced Verification: Implement enhanced verification procedures for SIM changes and account modifications
  • Security Awareness: Regular security awareness training for high-profile users and account holders
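
One way to apply the Behavioral Analysis and Enhanced Verification measures to the takeover sequence described above, as an added example (not code from Twitter, Cloudhopper or any carrier): stop trusting SMS alone for a hold period after a SIM change on the number. The SIM-change feed, the event names, the 24-hour hold, the phone numbers and the account ids are assumptions constructed for illustration; the timestamps mirror the timeline on this page.

```python
from datetime import datetime, timedelta

# Assumption: how long SMS stays untrusted after a SIM change on a number.
SIM_CHANGE_HOLD = timedelta(hours=24)

# Actions that rely on control of the phone number alone.
SMS_TRUST_ACTIONS = {"sms_reset_request", "sms_post"}

# Constructed sample events, not real logs: (timestamp, kind, number, account).
# "sim_change" rows stand in for a hypothetical carrier SIM-change feed;
# the other rows stand in for the platform's own authentication log.
EVENTS = [
    ("2019-08-30T15:30:00", "sms_reset_request", "+12025550100", "acct-1"),
    ("2019-08-30T15:00:00", "sim_change", "+12025550100", None),  # delivered late
    ("2019-08-30T15:45:00", "sms_post", "+12025550100", "acct-1"),
    ("2019-08-30T15:50:00", "sms_reset_request", "+12025550199", "acct-2"),
    ("2019-09-02T09:00:00", "sms_reset_request", "+12025550100", "acct-1"),
]


def evaluate(events, hold=SIM_CHANGE_HOLD):
    """Decide, per SMS-trusting action, whether SMS alone is acceptable.

    Returns (timestamp, account, kind, decision) tuples, where decision is
    "step_up" (require a non-SMS factor) if the number's SIM changed within
    `hold` before the action, and "allow" otherwise.
    """
    last_change = {}  # number -> time of most recent SIM change
    decisions = []
    # Sort by timestamp so a feed record delivered out of order still counts.
    for ts, kind, number, account in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "sim_change":
            last_change[number] = when
        elif kind in SMS_TRUST_ACTIONS:
            changed = last_change.get(number)
            recent = changed is not None and when - changed <= hold
            decisions.append((ts, account, kind, "step_up" if recent else "allow"))
    return decisions


if __name__ == "__main__":
    for row in evaluate(EVENTS):
        print(*row)
```

The reset at 15:30 and the SMS post at 15:45 both fall inside the hold and are stepped up, while the unrelated number and the reset three days later are allowed.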