April 12, 2022
Cyber security experts are urging public officials to step up their online security following the hacking of the mayor of San Jose.
An unknown person or group briefly hijacked Mayor Sam Licardo’s Twitter account last week and used the account to promote unchangeable tokens or NFT – a digital product similar to cryptocurrencies. Licardo’s office referred questions about the break-in from San José Spotlight to the city’s chief information officer.
Some experts say this incident underscores the need for public officials to diligently practice digital security hygiene. While some hackers want to exploit social media accounts for financial fraud, others may want to impersonate public officials and spread misinformation. Both scenarios have dangerous consequences, experts say.
“An attack of this kind has real potential to undermine people’s trust in democracy and democratic institutions,” Tall Poppy, CEO of Tall Poppy, a start-up that helps companies protect workers from online harassment, told San José Spotlight. “Some of the public presence (of a politician) and they have to take the necessary steps to keep things safe.”
Honeywell noted that taking precautions as a public official is especially critical in an age where massive information breaches in large institutions and companies, such as LinkedIn and Dropbox, have exposed personal information from hundreds of millions of emails and digital accounts. The fact that an account has been exposed in a loophole does not mean that someone will be hacked, but it does indicate a breach of security, making it vulnerable to exploitation by a bad player.
As an example of the prevalence of this problem: The government email accounts of each San Jose County District – and the mayor – have appeared in multiple data breaches, according to the haveibeenpwned.com website, which tracks this information.
City officials and officials – including Lycardo – have complained that Microsoft Outlook’s email system is unreliable because it is slow and prone to crashes. Sue him and the city for preventing public records and alleged violation of state transparency laws.
Experts familiar with Licardo’s breakout said it was unlikely he was targeted because of his role as mayor. Hackers often gain access to accounts after using usernames and passwords across multiple platforms. When one of these platforms is hacked, hackers may sell the data to bidders in the dark web, who can use a variety of techniques to hack into accounts, usually for financial gain.
Politicians are more visible as targets to hackers, and social media makes them more. Many voters rely on platforms like Facebook or Twitter to get updates from their representatives, which requires lawmakers not to let their accounts be hijacked to spread misinformation.
“Social media has increasingly become an essential, and inevitable, public forum for elected officials to communicate with their constituents,” State Senator Dave Corteza told San José Spotlight. “The new security threats facing all public platforms in our digital age are worrying, and my firm is taking steps to regularly update our online security measures to reduce those risks.”
Ahmed Banfa, an engineering professor at San Jose State University and a cyber security expert, said the most common way hackers hack into accounts is through phishing emails. These messages look innocent, but usually contain malware that allows a hacker to obtain a person’s personal information or monitor his device.
He said people should use multi-factor authentication for their devices, such as requiring text confirmation from their phone to access their email account. Other experts also recommend using password manager software to track and execute passwords at random, which helps tighten security.
“It’s inconvenient, but there’s always this switch between convenience and security,” Benfa told San José Spotlight, adding that public officials should also be careful to update their software and hardware. “Every vulnerability is a golden gate opened for hackers.”
Rob Lloyd, San Jose’s deputy mayor and chief information officer, declined to share specific steps the mayor’s or city office has taken to strengthen cyber security, saying the publication of that information could give technical insights to bad players.
“In general, there are on-site security controls and guidance provided, as well as updates if specific tactics are identified that show success,” he told San José Spotlight, noting that the city’s cyber security office is conducting a subsequent check on hacker tactics. He added that the municipality provides cyber security guidelines and training to all officials and employees throughout the year and updates the training every month.
Lloyd said there are periodic attacks on high-profile social media accounts. He added that the municipality is calling on all social media users to use multi-factor authentication.
“Criminals use very convincing phishing (email) and smishing attacks that many people have experienced getting,” he said.
Contact Eli Wolf at firstname.lastname@example.org or ### a> @ EliWolfe4 On Twitter.
San José Spotlight is the city’s first non-profit news organization dedicated to independent political and business reporting. Please support our public service journalism by clicking here.