RSS trying to capture institutions: Rahul Gandhi

Days after Twitter accounts of several billionaires were hacked to engineer a crypto scam, Twitter on Saturday said it is embarrassed, disappointed and, more than anything, sorry for what happened with some of its high-profile users as attackers successfully manipulated its employees and used their credentials to access internal systems, including getting through the two-factor protections.

In the first detailed summary of the "social engineering attack" via a crypto scam that hit at least 130 users this week, Twitter said for 45 of those accounts, the attackers were able to initiate a password reset, login to the account and send Tweets.

"We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames," the micro-blogging platform said in a statement.

For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account's information via "Your Twitter Data" tool.

This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity.

"We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts," said Twitter.

The company said the attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.

"Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools," informed Twitter.

In cases where an account was taken over by the attacker, they may have been able to view additional information, Twitter added, saying its forensic investigation of these activities was still ongoing.

"We are actively working on communicating directly with the account-holders that were impacted".

The company said it will soon restore access for all account owners who may still be locked out as a result of the remediation efforts.

The New York Times reported on Friday that the Twitter crypto scam can be traced back to a group of hackers who congregate online at OGusers.com, a username-swapping community where people buy and sell coveted online handles.

The report said that the Twitter hack is not from Russian, Chinese or North Korean hackers but was done by a group of young people, "one of whom says he lives at home with his mother".

Guwahati, Feb 13: Hours after Assam's updated citizenship data disappeared from the website 'nrcassam.nic.in', an FIR was filed against a former NRC official for allegedly failing to submit the password to the sensitive document before quitting her job.

Talking to news agency on Thursday, NRC state coordinator Hitesh Dev Sarma said the complaint against former NRC project officer was filed under Official Secrets Act in Paltan Bazar police station here, as she "did not provide the password to the document, despite written reminders".

"She failed to surrender the password even after tendering her resignation on November 11 last year. She was a contractual employee and no longer authorised to hold the password, after quitting her job. An FIR has been filed against the former NRC project officer on Wednesday for violating the Official Secrets Act," he said.

Sarma also stated that the NRC office had written to her on several occasions for submitting the password, but did not get any response.

"We knew (she had resigned) and, therefore, sent several letters to her for handing over the password. But as she did not respond all these months, we filed a complaint against her yesterday for violating the Official Secrets Act.

"We must know if she has tampered with the sensitive information, after resigning," he added. The NRC state coordinator, however, refuted allegations of "malafide intent" involved in the matter.

"...this (cloud service provided by IT major Wipro) was not renewed by the earlier coordinator. So, the data went offline from December 15 last year. I assumed charge only on December 24," Sarma, who had gone on leave for a weeks after being appointed as the NRC state coordinator, clarified.

He also said that the state coordination committee had discussed the issue in its meeting on January 30 and wrote to Wipro during the first week of February.

"Once Wipro makes the data live, it will be available to the public. We hope that people will be able to access it in the next 2-3 days," Sarma claimed.

Reacting to the development, Wipro had said: "The IT Services Contract was not renewed by the authorities upon its expiry in October, 2019. However, as a gesture of goodwill, the company continued to pay the hosting service fee until January-end, 2020."

In another FIR filed with state criminal investigation department on Wednesday, NGO Assam Public Works (APW) alleged that former NRC Assam coordinator Prateek Hajela tampered with the final NRC list - published on August 31, 2019.

APW member Rajib Deka, in his complaint, accused Hajela of disobeying orders and directions of the Supreme Court, forgery of public register and committed offences under cyber laws for altering or changing public records by misusing his powers and position.

The NGO also said that after publication of the final list, several social networks and sections of the media had reported anomalies, insisting that many 'doubtful' persons were able to insert their names in the final list.

The Centre on Wednesday asserted that NRC data in Assam was safe even though some technical issues have been detected, which would be resolved soon.

Senior journalist-cum-RTI activist Saket Gokhale had sent an application to the NIC, the IT wing of the government, seeking a copy of the contract with Wipro.

"The Assam NRC data suddenly vanishing from the website (& the lack of data security) is incredibly shady. I've filed an RTI with the NIC specifically asking about details of the contract with Wipro, name of the cloud service provider, & all contracts signed for hosting this," he tweeted, while attaching a copy of the RTI application.

Leader of the Opposition in Assam Assembly and Congress leader Debabrata Saikia has also written to the Registrar General of India, requesting him to look into the fiasco urgently.

"It is a mystery as to why the online data should vanish all of a sudden, especially as the process to file appeals was yet to begin, all because of the go-slow attitude adopted by the NRC Authority. There is, therefore, ample scope to suspect that disappearance of online data is a malafide act," he had insisted.

New Delhi, Jun 1: The Directorate General of Civil Aviation (DGCA) on Monday asked airlines to allot seats in flights in such a manner that middle seats are kept vacant to the extent possible.

However, if a flyer has been allotted the middle seat due to a high passenger load "then additional protective equipment like the wrap-around gown of the Ministry of Textile approved standards" must be provided to that passenger in addition to three-layered face mask and face shield, said the DGCA order, which has been accessed by news agency.

India resumed its domestic passenger flights from May 25 after a gap of two months due to the coronavirus-triggered lockdown. International commercial passenger flights continue to remain suspended in the country.