Published on April 13th, 2022 📆 | 2668 Views ⚑
0Experts urge politicians improve cybersecurity after San Jose mayor hacked
https://www.ispeech.org/text.to.speech
Cybersecurity experts are urging public officials to beef up their online security in the wake of San Jose mayorâs Twitter account getting hacked.
An unknown person or group briefly hijacked Mayor Sam Liccardoâs Twitter account last week and used the account to promote non-fungible tokens or NFTsâa digital product similar to cryptocurrency. Liccardoâs office referred questions about the hack from San JosĂŠ Spotlight to the cityâs chief information officer.
Some experts say this incident highlights the need for public officials to diligently practice digital security hygiene. While some hackers want to exploit social media accounts for financial scams, others may want to impersonate public officials and spread misinformation. Both scenarios have dangerous consequences, experts claim.
âThis kind of attack has a real potential to undermine peopleâs trust in democracy and democratic institutions,â Leigh Honeywell, CEO of Tall Poppy, a startup that helps companies protect employees from online harassment, told San JosĂŠ Spotlight. â(Social media) is part of (a politicianâs)Â public presence and they should be taking the steps needed to keep things safe.â
Honeywell noted taking precautions as a public official is especially critical in a day and age where massive data breaches at major institutions and companies, such as LinkedIn and Dropbox, have exposed personal information from hundreds of millions of emails and digital accounts. Having an account exposed in a breach doesnât mean someone will get hacked, but it indicates the security has been compromised, making it vulnerable to exploitation by a bad actor.
As an example of how widespread this problem has become: the government email accounts for each San Jose council districtâand the mayorâhave appeared in multiple data breaches, according to the website haveibeenpwned.com, which tracks this information.
City employees and officialsâincluding Liccardoâhave complained the cityâs Microsoft Outlook email system is unreliable because itâs slow and prone to crashing. This may have contributed to Liccardoâs tendency to use his private email account to conduct public businessâa habit that prompted the First Amendment Coalition and San JosĂŠ Spotlight to sue him and the city for withholding public records and allegedly violating the stateâs transparency laws.
Experts familiar with Liccardoâs hack said itâs unlikely he was targeted because of his position as mayor. Oftentimes hackers gain access to accounts after usernames and passwords are used on multiple platforms. When one of those platforms is breached, hackers may sell the data to bidders on the dark web, who can employ a variety of techniques to break into accounts, usually for financial gain.
Politicians are more visible as targets to hackers, and social media makes them more so. Many constituents rely on platforms like Facebook or Twitter to get updates from their representatives, making it imperative that lawmakers not let their accounts get hijacked to spread misinformation.
âSocial media has increasingly become a vital, and Iâd say inescapable, public forum for elected officials to communicate with their constituents,â state Sen. Dave Cortese told San JosĂŠ Spotlight. âThe new security threats all public platforms are facing in our digital age is alarming, and my office takes steps to regularly update our online security measures to mitigate these risks.â
Ahmed Banafa, an engineering professor at San Jose State University and cybersecurity expert, said the most common way hackers break into accounts is through phishing emails. These messages look innocuous, but usually contain malware that allows a hacker to obtain a personâs personal information or surveil their device.
He said people should use multi-factor authentication for their devices, such as requiring a text confirmation from their phone to access their email account. Other experts also recommend using password manager programs to keep track of and randomize passwords, which helps harden security.
âItâs inconvenient, but thereâs always this tradeoff between convenience and security,â Banafa told San JosĂŠ Spotlight, adding public officials should also make sure to update their software and hardware. âEvery vulnerability is a golden gate opening for the hackers.â
Rob Lloyd, San Joseâs deputy city manager and chief information officer, declined sharing specific steps the mayorâs office or the city have taken to bolster cybersecurity, saying publicizing this information could give technical insights to bad actors.
âIn general, there are security controls in place and training provided, as well as updates if a specific tactic is detected that shows success,â he told San JosĂŠ Spotlight, noting the cityâs cybersecurity office performs a post-review on hacker tactics. He added the city provides guidelines and cybersecurity training for all officials and employees throughout the year and updates training monthly.
Lloyd said there are periodic attacks on high profile social media accounts. He added the city urges all social media users to use multi-factor authentication.
âCriminals are using very convincing phishing (email) and smishing (text message) attacks that many people have experienced receiving,â he said.
Contact Eli Wolfe at [email protected] or @EliWolfe4 on Twitter.
Gloss