The Big B(reach)

The last time Adnan Sami and Amitabh Bachchan made headlines together was perhaps in 2002 when their foot-tapping music video Kabhi Nahi released. But the duo found themselves in the news again this week, unwittingly this time, as both saw their Twitter accounts being hacked by a Turkish hacker group called ‘Ayyildiz Tim’. Amitabh Bachchan was the first to face the brunt of the group’s malicious actions as his profile picture, cover photo and Twitter bio was meddled with on Monday night. The attacker replaced Big B’s profile picture with Pakistani Prime Minister, Imran Khan’s photograph, while his bio was replaced with the statement “Actor, well at least some are STILL saying so!! Love Pakistan. (sic)” The group also tweeted multiple messages from the superstar’s account and one read, “This is an important call to the whole world! We do condemn the irrespective behaviours of Iceland republic towards Turkish footballers. We speak softly but carry a big stick and inform you about the big Cyber attack here. (sic)”

Shortly afterward, on Tuesday, Adnan Sami fell prey to the group’s mischief as, in a similar fashion, his profile picture too was changed to that of Imran Khan’s, while his bio was replaced with the text “Ayyildiz Tim Love Pakistan. (sic)” Multiple messages were posted from Adnan’s account too, with one reading, “Whoever shows the courage to betrayal our brother country Pakistan know that you will see Pakistan’s prime ministers photo and Pakistan flag as profile picture (sic).” As always, Twitter users immediately capitalised on the actors’ misfortunes as memes began to flow in abundance, with many harkening back to their 2002 track.

While both celebrities got their profiles restored to normal with some timely action, this isn’t the first time the hacker group has targeted celebrity accounts. Last year, Anupam Kher, Nimrat Kaur and Abhishek Bachchan, among other VIPs, saw their accounts being hacked by the same Turkish group. Aveek Sen, an expert on cybersecurity and India’s neighbourhood, tells us how security was breached. “Celebrity accounts were hacked through malicious links,” he says, and adds, “Basically, the link is sent via DMs (Direct Messages). When the celebrity clicks on it, they are redirected to a Twitter login page. When you enter your details and log in, your account gets hacked.” But that’s not all as the hackers make it difficult to log out of the hacked account as well. “On logging in, you are redirected to another page where Bitcoin mining is underway. This increases CPU and RAM usage, causing your device to lag,” says Aveek. He is currently working on finding out more about the group and suggests that it is not actually a Turkish group, but a Pakistani group under a false identity. “Though the group claims to be Turkish, I see it as a Pakistani group acting under a false flag. If you see, they have uploaded the picture of Imran Khan, and you’ll find ‘Pakistan Zindabad’ slogans, but there were no slogans on Turkey,” he reasons.

Cybercrime investigator, Ritesh Bhatia, however, says that, at this point, not much is known about the true identity of the group, adding, “As far as it’s being a ploy to flair communal tensions, that’s mere speculation.” But the investigator does feel that hacking a celebrity account can have serious repercussions because of the large number of followers they tend to have. Also, since many celebrities outsource social media handling to agencies, it becomes hard to find out whose device has been breached.

To secure one’s account, Ritesh feels that the best way forward to is have two-factor authentication for devices and accounts. “This means that whenever you’re logging in, you will have to also enter an OTP or some other kind of authentication. So, besides your password, this offers you another layer of security,” he explains. Alternatively, the investigator suggests sticking to just one highly secured device to operate social media accounts. “The device used should be only for social media, and no other apps should be installed, because when you install other apps, you end up giving the apps permission to access other data on your phone. And this could compromise the security of your phone,” says Ritesh.

The other way to guard against a hacking attack is to stay vigilant about malicious emails. Explaining how malicious links end up getting clicked, despite one knowing better, Rakshit Tandon, a cybersecurity expert says, “Hackers use social engineering to compromise your id and send you fake links. Those links can be threatening or even humourous to peak your curiosity. The hackers start off by compromising your network, which means that they first hack a friend or relative’s account. And then through the acquaintance’s account, you will get a mail that’s designed to be compelling, so that you click on the link listed in the email. That link will take you to a page asking you to fill in your credentials. This is how accounts are compromised. Sometimes, one even gets demands for money for fake adversity,” he informs us.

However, the cybersecurity expert urges one and all to take legal recourse if confronted with a hacking attack. He says, “Hacking dishonestly and fraudulently any digital identity is a punishable offense under Section 66C of the IT Act. Further, posting obscene or defamatory content too is punishable under the IT Act. The punishment ranges from three to five years. So, one should report it to the cybercrime authorities,” he concludes.