Hackers are now targeting the Twitter accounts of human rights activists and journalists in an attempt to spread fake news in a new social media attack. The attack, dubbed "DoubleSwitch", has been observed in Venezuela, Bahrain, Myanmar and Mexico so far.
According to digital rights group Access Now, hackers take over the account of an unsuspecting victim and switch out the password and linked email address to lock out the legitimate user.
Hackers use various methods, such as phishing attacks, to gain access to their victims' Twitter accounts, which are often 'verified' and have large followings.
The attackers then change the accounts' usernames, freeing them up to be used again, and then create a brand new account using the original username.
The hackers also link both accounts to a new email address so they receive any emails regarding the victim's fervent attempts to recover their accounts.
"When these victims attempted to recover their accounts, Twitter's confirmation emails went to the hijackers, who pretended that the issue had been resolved," the group said. "The hijackers then proceeded to delete one of the original accounts, making it even harder for the victim to recover it."
The Twitter accounts of Miguel Pizarro - a member of Venezuela's parliament - and journalist Milagros Socorro were both hijacked using this new attack method. Access Now told IBTimes UK that another journalist was targeted as well, but it was not authorised to reveal the journalist's name.
Although the victims were eventually able to recover their accounts, the hackers had already exploited the compromised accounts to spread fake news, delete past tweets and harm their reputations.
"The main problem with this attack is that it is hard to identify unless the victim keeps track of all the username changes," Access Now said. "If the victim doesn't know at least the last username for the original account, then recovering it would be even harder."
It added that this attack is also difficult to identify due to the confusion it creates.
"There are probably more instances of this issue where we didn't detect it and many more where the users simply gave up trying to recover the account," the group said.
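The username tracking that Access Now describes can be automated wherever account events carry an identifier that survives a handle change. The following is an added example, not code from Access Now or Twitter: the event schema, the field names and the one-hour window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events. The schema is hypothetical (not a real platform log
# format); account_id is assumed to stay fixed when a handle is changed.
EVENTS = [
    {"t": 100, "account_id": 1, "type": "password_change"},
    {"t": 105, "account_id": 1, "type": "email_change"},
    {"t": 110, "account_id": 1, "type": "handle_change",
     "old": "Reporter_Ana", "new": "xk39_tmp"},
    {"t": 115, "account_id": 2, "type": "account_create", "handle": "reporter_ana"},
    # Benign rename: the freed handle is only claimed two hours later.
    {"t": 200, "account_id": 3, "type": "handle_change",
     "old": "old_name", "new": "new_name"},
    {"t": 7400, "account_id": 4, "type": "account_create", "handle": "old_name"},
]

def find_double_switch(events, window=3600):
    """Flag handles freed by one account and re-registered by another within
    `window` seconds, noting credential changes that preceded the rename."""
    cred_changes = defaultdict(list)  # account_id -> [(time, event type)]
    freed = {}                        # lowercased handle -> (time, account_id, new handle)
    findings = []
    for e in sorted(events, key=lambda ev: ev["t"]):
        kind, acct, t = e["type"], e["account_id"], e["t"]
        if kind in ("password_change", "email_change"):
            cred_changes[acct].append((t, kind))
        elif kind == "handle_change":
            freed[e["old"].lower()] = (t, acct, e["new"])
        elif kind == "account_create":
            prev = freed.get(e["handle"].lower())
            if prev is None or prev[1] == acct or t - prev[0] > window:
                continue
            freed_at, original, renamed_to = prev
            recent = sorted({k for ct, k in cred_changes[original]
                             if 0 <= freed_at - ct <= window})
            findings.append({
                "handle": e["handle"],
                "original_account_id": original,
                "original_now_named": renamed_to,  # the "last username" recovery needs
                "impostor_account_id": acct,
                "credential_changes_before_rename": recent,
            })
    return findings

if __name__ == "__main__":
    for finding in find_double_switch(EVENTS):
        print(finding)
```

Each finding records the name the original account now carries, which is the detail the group says victims need when asking for recovery.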
Fake news is already shaking up Venezuela amid the political unrest and ongoing clashes between protesters and police as the Latin American country's government expands online surveillance and increasingly censors its internet and media.
"There are serious consequences to this form of attack," Access Now said. "Victims like Socorro and Pizarro lose time from their human rights work or journalism and the ability to communicate with their followers. The hijacker can exploit and abuse a victim's reach and influence, damaging their reputations."
Access Now warns that DoubleSwitch attacks can be carried out on other social media platforms such as Facebook and Instagram. However, users can protect themselves by enabling two-factor authentication.
"We recognise the risk of malicious actors seeking to mislead people," a Facebook spokesperson told Mashable in a statement. "For our part, we are taking a multifaceted approach to help mitigate these risks, such as building a combination of automated and manual systems to block accounts used for fraudulent purposes, and we continue to encourage people to use two-factor authentication.
"As Access states, two-factor (multi-factor) authentication is an important security feature that Facebook offers to people that makes it much harder for an account to be compromised in the first place."