Hackers Spreading Islamic State Propaganda By Hijacking Inactive Twitter Accounts

Indira Datta - Jan 05, 2019



Hackers are exploiting a decade-old flaw to target and attack inactive Twitter accounts to spread terrorist propaganda.

Hackers are taking advantage of an old flaw to attack Twitter accounts that are no longer active to disseminate terrorism and Islamic State ideology.

Dormant Twitter accounts being hijacked by Islamic State hackers

Among the hijacked accounts, some have been inactive for a very long time, while others fell out of use only recently. A compromised account is easy to spot from a shift in language or tone. Sometimes the tweets came in Arabic or carried content praising Allah. Occasionally these accounts retweeted propaganda from other accounts.

Propaganda video featuring Syrian fighters

Most of these accounts have already been suspended by Twitter, but some still remain active.

Hackers can hijack these inactive accounts by exploiting Twitter's lack of email confirmation. In June 2018, Twitter began requiring email or phone number confirmation when new accounts are created. However, most of the accounts created before this policy remain unconfirmed.

Accounts that are no longer active on Twitter are never entirely deleted from the platform, and the emails used to create those accounts may have expired or never even existed. This lets hackers gain access to old Twitter accounts by creating new email addresses.

A tweet describes the attack by Islamic State fighters in December in Yemen

WauchulaGhost, a security researcher and hacker who investigates and disrupts the so-called Islamic State's online activities, said:

[Image: quoted statement]

He discovered one now-suspended account and many no-longer-active accounts, which the hackers had hijacked.

His theory was that the hackers can create an email address, then ask for a password reset, and they just need to click on the link provided in the email. Most of the inactive accounts that he tested did not have any registered emails. The email addresses are partly hidden, but you can still guess the number of characters in an email. These email addresses are usually the Twitter account name at "@yahoo.com" or "@hotmail.com."

WauchulaGhost found that many accounts have email addresses almost identical to their account names, so it is pretty easy to take over these accounts. Many of the hacked accounts disseminating propaganda were later suspended by the platform. It looks like the hackers don't even bother to change these accounts' bios.
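The weakness described above can be closed on the platform side by refusing to treat an unconfirmed or long-dormant mailbox as proof of ownership. The following Python is an added example, not Twitter's code; the record layout, the one-year dormancy threshold and the decision names are assumptions, and the sample accounts are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=365)                 # assumed dormancy threshold
RECYCLABLE_DOMAINS = {"yahoo.com", "hotmail.com"}   # providers named in the article

@dataclass
class Account:                                      # hypothetical record layout
    handle: str
    email: str
    email_confirmed: bool
    phone_confirmed: bool
    last_active: datetime

def email_matches_handle(acct: Account) -> bool:
    """True when the address is just <handle>@<free webmail>, i.e. guessable."""
    local, _, domain = acct.email.lower().partition("@")
    return local == acct.handle.lower() and domain in RECYCLABLE_DOMAINS

def reset_decision(acct: Account, now: datetime) -> str:
    """Decide how to handle a password-reset request for this account."""
    dormant = now - acct.last_active > DORMANT_AFTER
    if acct.email_confirmed and not dormant:
        return "send_link"
    # Unconfirmed or possibly expired mailbox: control of it proves nothing,
    # so fall back to another verified factor or to a human.
    if acct.phone_confirmed:
        return "step_up_phone"
    return "manual_review"

def audit(accounts, now):
    """Handles to review first: reset is not trusted AND the address is guessable."""
    return [a.handle for a in accounts
            if reset_decision(a, now) != "send_link" and email_matches_handle(a)]

NOW = datetime(2019, 1, 5)
SAMPLE = [  # constructed accounts, not real ones
    Account("alice_active", "alice@example.org", True, False, datetime(2018, 12, 1)),
    Account("olduser2009", "olduser2009@yahoo.com", False, False, datetime(2010, 3, 1)),
    Account("dormant_ok", "someone.else@hotmail.com", True, True, datetime(2012, 6, 1)),
]

if __name__ == "__main__":
    for a in SAMPLE:
        print(a.handle, reset_decision(a, NOW))
    print("review first:", audit(SAMPLE, NOW))
```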

In a tweet, hackers posted blatant and gruesome calls for violence and terrorism, roughly translated as "... with your cars, let's go pack, you bomb, go with a bomb, you go in any way." Moreover, there are tweets calling for shooting and killing Christian people and turning Christmas night into horror and grief. These statements violate basic Islamic teachings, and calling for violence targeting non-Muslims is prohibited in the Qur'an.

Twitter claimed that this is not their responsibility, but they are doing everything to resolve this problem.

A spokesperson from Twitter said:

[Image: quoted statement]

Accounts frequently call and incite violence against non-Muslims in unnamed countries

Besides the lack of confirmation on Twitter's side, email providers such as Yahoo and Hotmail are partly responsible for this problem. Twitter is not the only platform suffering from this situation; Facebook is also struggling with accounts being hijacked via expired email accounts.

The original accounts used mainly English, then changed to Arabic and Yemeni after being hijacked

However, the researcher claimed that Twitter should share the blame for the hijacking of accounts.

Twitter started deleting invalid accounts in August 2015, and in early 2018 it had already suspended more than 205,000 accounts posting violent advertisements and content. According to Twitter, the number of suspended accounts is currently decreasing after each period because the company is applying technologies to detect and prevent illegal content.

The engineers at Twitter suspended and blocked most of the hijacked accounts they discovered; however, some were still working, amounting to one-fourth of the suspended accounts.

Twitter acknowledges its problem. However, with other tech companies also partly at fault, there has yet to be a solution that completely fixes it.
