Twitter got hacked. Could SSI prevent it?

blog
July 25,
2020

Twitter got hacked. Could SSI prevent it?


Cybercrime is on the rise. This time, the hackers got access to internal tools of Twitter and compromised high-profile and corporate Twitter accounts. Twitter reported that the attackers targeted 130 accounts, including those of Joe Biden, Elon Musk, Bill Gates, Barack Obama and accounts of Uber and Apple (see Financial Times, BBC and CNBC).

 

Twitter has shed some light on the attack by tweeting that hackers compromised their internal systems. The hack has revealed that one can tweet on behalf of another individual without even knowing their password. Why is this so alarming? The ability to control accounts and publish content on behalf of another individual can have severe consequences, and a similar attack could happen to any social media or online blog/news service.

In the diagram below, we demonstrate how Mallory (hacker) tweeted from Alice’s account and thus tricked Bob into sending him a Bitcoin: 

Could we prevent this?

Yes, if Alice had the possibility to digitally sign her tweets, and thus protect the integrity of her content. This way, even if Bob would receive a malicious tweet, he could quickly verify that the tweet is not signed by Alice and would have never sent that 1 BTC to Mallory.

Self-sovereign identity (SSI) is a perfect fit for solving this issue, as the solution enables users to fully control their electronic identity, request/exchange verifiable credentials, sign electronic documents, authenticate, etc.

Let us show you how SSI could help out Twitter:

A Twitter Mobile App featuring SSI would require all users of this social network (Alice, Bob and even Mallory) to create self-sovereign identities, register them in one of the publicly-available SSI registries (DID registry) and then link their SSIs with Twitter accounts.

In this case, Alice would have her private key stored securely on her device, so she could use it every time she wanted to sign her Tweets before publishing them on Twitter. Bob’s Twitter App with built-in SSI support would then verify the signature and confirm that the Tweet really comes from Alice. If the hacker Mallory wanted to scam Bob by sending a Tweet from Alice’s account using Tweeter’s internal tool, she wouldn’t be successful! She could still send him the Tweet, but Bob’s SSI App would spot right-away that the Tweet is either unsigned or worse, not signed by Alice. Thus Bob would have never given away that 1 BTC to Mallory.

We believe that the implementation of emerging technologies and concepts like SSI can help build and use better and safer digital ecosystems, offering us higher levels of trust, transparency, security and interoperability.

Let’s see if we will build the Twitter of tomorrow together, to make sure this never happens again:

Learn more about us

AceBlock is a blockchain technology framework which enables companies to develop innovative solutions on top of our modular infrastructure. One of its critical ready-made building blocks is AceID, with which any holder can present verifiable credentials everywhere online.

AceID is based on a concept of an SSI (Self-Sovereign-Identity) which promotes that digital identity becomes a right for every individual. Because it is portable, it allows online privacy and free movement between different web providers or services from one point, which is possible only when the individual becomes the owner of the data.

Give it a try and contact us at [email protected] for more.

AceBlock Team Among 21 Selected Companies in the ESSIF-LAB Funding

news
July 2,
2020

AceBlock Team Among 21 Selected Companies in the ESSIF-LAB Funding

We are happy to announce that our proposal “SSI-as-a-Service” has been selected to join the First Business-oriented Programme of eSSIF-Lab. In the first phase, comprised of a hackathon and mentorship programme, we will work to elaborate our existing AceID solution further and compete with 20 other SSI-oriented businesses to win the first round of funding and thus qualify for next phase of the competition.

The eSSIF-Lab is an EU-supported project which aims at advancing the broad uptake of Self-Sovereign Identities (SSI) as next-generation, open and trusted digital identity solution for faster and safer electronic transactions via the Internet and in real life. It was funded by the European Commission as part of the Horizon 2020 Research and Innovation Programme and is framed under Next-Generation Internet Initiative.

eSSIF-Lab is building SSI jointly with SSI ecosystem by using a cascade funding approach, meaning the framework will be built upon extensions that will be selected through the following open-calls:

• one (1) infrastructure-oriented open call targeting (20) open-source technical enhancements and extensions of their SSI framework and
• two (2) business-oriented open-calls targeting (42) commercial competitive SSI components and services.

Currently, only the participants for the first business-oriented call have been selected and announced, meaning elsewhere applications are still open or in the process of evaluation.

Below you can see proposal distributions by countries: the call has received 54 proposals from 21 countries; however 161 in total started from 24 different countries. 

We have convinced the evaluators with the proposition “SSI-as-a-service” and successfully qualified for the first part of the competition. As mentioned, the programme will follow a competitive (funnel) approach. This is, only the best participants in each stage will go on for the next one:

Stage 1: Hackathon & Proof of Concept
Duration: 1 month | Funding: up to 15.000 EUR
21 companies, including ours, have been invited to join an intensive Hackathon Event which will end with a matching of the team with a technical mentor and a business mentor. As result, a Proof of Concept and Business Roadmap will be defined, as well as an Individual Mentoring Plan.

Stage 2: Full Functionality
Duration: 5 months | Funding: up to 50.000 EUR
15 best companies of the ones in the previous stage will focus on developing a mock-up and a Prototype.

Stage 3: Customer / Use-case integration
Duration: 2 months | Funding: up to 41.000 EUR
Only the 5 best-in-class teams will reach this stage and focus on testing the MVPs with first early adopters and defining Business models and Exploitation Plan.

Learn more about us

AceBlock is a blockchain technology framework which enables companies to develop innovative solutions on top of our modular infrastructure. One of its critical ready-made building blocks is AceID, with which any holder can present verifiable credentials everywhere online

AceID is based on a concept of an SSI (Self-Sovereign-Identity) which promotes that digital identity becomes a right for every individual. Because it is portable, it allows online privacy and free movement between different web providers or services from one point, which is possible only when the individual becomes the owner of the data.

Give it a try and contact us at [email protected] for more.