Twitter handle linked to PM’s portal hacked
A Twitter account linked to Prime Minister Narendra Modi’s personal website was purportedly compromised early on Thursday, with a series of tweets sent out by an individual or a group identifying themselves as “John Wick” who later told HT that the hack was meant to clear their name in a separate breach involving a popular e-commerce website.
A Twitter spokesperson confirmed that the page -- @narendramodi_in – associated with the PM’s website narendramodi.in, was compromised. Shortly after 3am, several posts were made, including some urging people to donate to a cryptocurrency wallet that the hackers said was linked to the “PM National Relief Fund”.
“There is no other intention to hack this account. Recently fake news of our name saying PayTM Mall [was] hacked by us. So we have sent email to all news publishers in India [that] it’s not us, no one replied, so we decided to post something,” said a person who responded from the email address that was posted in one of the tweets after the hack. The tweets have since been taken down.
To a query from HT, a spokesperson from Twitter said in an email: “We’re aware of this activity and have taken steps to secure the compromised account. We are actively investigating the situation. At this time, we are not aware of additional accounts being impacted.”
Questions to the Prime Minister’s Office about the alleged hacking did not elicit a response till the time of filing this copy.
The hackers did not respond to questions on how they carried out the hack and whether it was a compromise of the Twitter account itself, but identifiers seen on screenshots suggested the tweets were made using a tool titled “narendramodi_tweets_apps”.
The hacker suggested that this was done by breaking into the website narendramodi.in, and not the Twitter account. “Yes, 100% not secured,” said this person, when asked if they exploited something called an API, which allows people to access and send out tweets without accessing an account through Twitter.com.
“They have to increase the security and invest in people like us,” the hacker said.
On August 30, US-based cyber security firm Cyble reported that a hacking group identifying itself as John Wick “was able to gain unrestricted access to the entire databases” of PayTM Mall, an online retail venture of the popular payments app PayTM. PayTM later issued a statement saying it was investigating the breach and assured that user data was safe.
“We don’t yet know the root cause of this incident so it is difficult to say whether there was a security standards issue involved. The best we can do is to remind people to activate two-factor authentication for their accounts,” said Baptiste Robert, a French cyber security engineer who is better known by his online alias Elliot Alderson and has brought to light several major vulnerabilities in Indian government-run websites and services.
A person aware of the preliminary analysis at Twitter, who asked not to be named, said “there was no indication or evidence at this stage of any correlation between this account compromise and the incident that took place in July”. The reference was to the breach of Twitter’s internal systems through which hackers similarly solicited payments in digital currency by making posts from the accounts of US presidential candidate Joe Biden and former US president Barack Obama and billionaire Elon Musk.
The page @narendramodi_in is followed by 2.5 million users and is a platform for disseminating news about the PM’s activities, his statements and addresses.
It was not immediately clear if any money was sent into the cryptocurrency account posted in the hacked tweets.