A suspected South Korean hacker group briefly took control of a Twitter handle associated with Prime Minister Narendra Modi’s personal website on Thursday, claiming it wanted to clear its name of a previous hacking incident that it said had been wrongly attributed to it.
On Thursday, hackers who identified themselves as ‘John Wick’ (also the name of a Hollywood film series) sent out several unauthorized tweets that have now been deleted.
“Yes, this account is hacked by John Wick. We have not hacked PayTM Mall,” the hackers wrote in a tweet sent through the hacked account. The attackers who breached the e-commerce platform demanded a ransom of $4,000 for the data they stole.
Unlike the Twitter hack in July, where important personalities like Bill Gates’ accounts were hacked, this was a fault at the user’s end. Twitter confirmed that the hack had no relation to the July incident and that its systems hadn’t been compromised. This means that the hackers gained access by compromising one or more people who handle the Twitter account for the PM’s personal website.
Sudar Balasubramaniam, managing director-India and Saarc, at Check Point Software, said the hack “indicates that coordinated social engineering attacks are becoming the norm”. Such attacks can usually be avoided by ensuring proper security protocols at both the individual and organizational levels.
A spokesperson for Twitter confirmed that the web page—@narendramodi_in—associated with the PM’s website, narendramodi.in, was compromised. Shortly after 3am, several posts were made, some of them urging people to donate to a cryptocurrency wallet that the hackers said was linked to the “PM National Relief Fund”.
“There is no other intention to hack this account. Recently, fake news of our name saying PayTM Mall [was] hacked by us. So we sent an email to all news publishers in India [that] it’s not us, no one replied, so we decided to post something,” said a person who responded from the email address that was posted in one of the tweets after the hack, Hindustan Times reported. The tweets have since been taken down.