Attackers will find ways around security measures if the target is “juicy” enough, a senior director from the National Cyber Security Centre (NCSC) has warned in the wake of Twitter boss Jack Dorsey’s account being compromised.
Last week, an account on the social network belonging to Mr Dorsey was hacked and used to send racist and vulgar tweets, such as “Hitler is innocent”, to his 4.2 million followers.
At the time, Twitter said the perpetrator was able to tweet from the account using text messages, after the phone number associated with the account “was compromised due to a security oversight by the mobile provider”.
Following the incident, Twitter decided on Wednesday to temporarily disable the feature that lets users tweet via text message, saying: “We’re taking this step because of vulnerabilities that need to be addressed by mobile carriers and our reliance on having a linked phone number for two-factor authentication (we’re working on improving this).”
Two-factor authentication is an extra layer of security in which people receive a temporary code, sent via text message, in order to log in to an account. But NCSC deputy director for cyber skills and growth Chris Ensor said attackers are willing to put in the effort if the result is worth it.
“If the target is juicy, people will put lots of effort into it but they won’t do that for everybody,” he told the PA news agency and other attendees at the Kent Cyber Security Forum.
“So two-factor authentication is the next step – it does provide that extra level of confidence that your accounts will be safe.
“People will find ways around it, but that will be the exception.
“People will spend a lot of time, if the reward is worth it.
“It’s commensurate with if you’re a high-profile person or large organisation, you’re going to have people going out for you who are prepared to spend the money and the effort doing it, and therefore you may have to put more measures in.”
Sending tweets via SMS is one of Twitter’s older features and it is not clear how many people still use it now mobile apps are commonplace.
“We’ll reactivate this in markets that depend on SMS for reliable communication soon while we work on our longer-term strategy for this feature,” Twitter told users.