Call to boost state’s social web security
ALBANY — New York’s Department of Financial Services is calling for greater cybersecurity oversight for social media companies in a report detailing a major hack targeting Twitter.
The agency slammed the social media giant for letting itself be duped by a “simple” social engineering technique after a Florida teen allegedly orchestrated the July 15 attack which saw accounts, including those of Tesla head Elon Musk and former President Barack Obama, used to steal more than $118,000 worth of cryptocurrency from Twitter users.
“Social media platforms have quickly become the leading source of news and information, yet no regulator has adequate oversight of their cybersecurity,” said Superintendent of Financial Services
Linda Lacewell. “The fact that Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer.”
The report recommends an oversight council be established to “designate systemically important social media companies” and says a regulator should be appointed to “monitor and supervise” the security practices of mainstream social media platforms.
The state’s investigation found that the hackers broke into Twitter’s internal systems by calling employees and claiming to be from the company’s tech department, tricking four employees into handing over their log-in credentials.
Hackers then accessed the Twitter accounts of politicians and celebrities, including Kim Kardashian West, Jeff Bezos, Musk and others to tweet out a scam to millions of users.
Twitter confirmed that a “phone spear-phishing” attack was used to gain credentials after the attack.
The scam tweets, which promised users could “double your bitcoin,” contained links allowing payments in bitcoin and led to more than $118,000 being stolen.
Gov. Cuomo said the report “demonstrates a regulatory gap that must be filled if we are to protect our financial and political systems from cyber-attacks and misinformation campaigns.”
“Americans increasingly use and rely on these social media platforms, which means there is no room for weak leadership, systemic errors or flawed cybersecurity when it comes to protecting users and content,” he added.
“New York will not hesitate to take the lead with responsible measures that protect our citizens.”