Hackers have reportedly begun using inactive Twitter accounts to spread propaganda on behalf of the Islamic State, thanks to a bug on the platform that has existed for a decade.
TechCrunch reports that internet hackers have begun using a decade-old bug in Twitter’s system to hijack dormant accounts in order to spread propaganda for the Islamic State. Many accounts that have been dormant for months or even years are suddenly tweeting in different languages, often a single tweet in Arabic praising Allah or retweeting propaganda posted by other ISIS-linked accounts.
The hackers are reportedly taking advantage of Twitter’s previous lack of email confirmation for the creation of new accounts, in June Twitter introduced new guidelines requiring users to verify their identity with an email address or phone number but many older accounts remain unverified making them targets for hackers. Because the accounts are unverified, the email addresses used to register them often never existed in the first place, so all a hacker has to do is create the email address initially used to create the account in order to reset the account’s password and gain access.
The hacker and security researcher known as WauchulaGhost, who actively works to disrupt the online efforts of the Islamic State, commented on the latest activities of ISIS stating: “This issue has been around for a while but no one really knew and took advantage of it. Now, we have Islamic State supporters that have figured it out.”
Many of the hijacked accounts have since been deleted by Twitter but some remain active, posting videos of Islamic State fighters speaking Arabic and wielding weapons. Other accounts simply posted tweets praising violent terrorist attacks or retweeted similar sentiments from other accounts. One tweet used an Islamic State hashtag and wrote: “…with your cars, let’s go pack, you bomb, go with a bomb, you go in any way,” while another account called on Muslims to “kill these Christians wherever you find them.”
Twitter says while they’re attempting to fix the issue, they don’t believe it to be their responsibility. “Reusing email addresses in this manner is not a new issue for Twitter or other online services,” a Twitter spokesperson told TechCrunch. “For our part, our teams are aware and are working to identify solutions that can help keep Twitter accounts safe and secure.”