The Case of Centralized vs. Decentralized Identity Following the Recent Twitter Hack: Part I

Oct 12, 2020 | Industry

On July 15th, 2020, Twitter suffered a “coordinated social engineering attack,” a type of attack responsible for more than 95% of all cyber-attacks. The attack affected more than 100 high-profile accounts, including those belonging to former US president Barack Obama, Elon Musk, Bill Gates, and Kanye West, which were used to scam Twitter users out of Bitcoin. The tweets posted were nearly identical and promised users double whatever they sent.

Besides the famous personalities, the attackers also managed to access the accounts of high-tech companies, like Apple, Uber, and CashApp, and orchestrated a similar trick.

The Primary Problem of Centralized Identity

The issue facing social media platforms, like Twitter and Facebook, is social engineering. The inherent problem is that centralized systems will always be susceptible to cyber-attacks, through little fault of consumers. After every cybersecurity attack that has affected centralized social media platforms, the response has always been to improve their security.

The problem with this approach is that it has turned into an arms race. As centralized platforms beef up their security, hackers step up their attacks, making it almost impossible to bring an end to the cycle.

The Case of Decentralized Identity

High-tech firms, like Microsoft, IBM, and others, strongly believe that decentralized identity will completely solve the problem of access to data held in a central repository. In a decentralized structure, users have access to their accounts, and only one verification is needed.

From the above illustration, centralized identity (left) permits access to anyone if the system is compromised. In contrast, in a decentralized identity (right), only one user is given access in case of a breach.

In centralized social media platforms, users have to sign up separately with every service they need and re-authenticate every time they access their accounts, using either a password/PIN or other credentials. The process is marred by several drawbacks, like a centralized database of users’ information that is vulnerable to hacking, and workers being able to alter, misuse, and store a user’s data.

In a decentralized platform, a user’s data and accounts are stored on the user’s device. This implies that the “bad boys” would not be able to access your information unless they take hold of your phone or computer, making data breaches more challenging and costly to execute, and widespread ones nearly impossible.

How Social Engineering Is Neutralized by Decentralization

Let us go through the significant social engineering strategies, not forgetting Twitter’s case, and see how a decentralized system can neutralize them.

The Twitter incident (insider employee tools exploited): There are two reasons why this tactic would not have worked against a decentralized system. First, attackers can only access an employee’s account if they have the employee’s physical device. Secondly, the hackers would also need the employee to be physically present for biometric approval. Such a scenario is almost impossible.

SIM swapping: Since a user’s digital identity is often linked to their physical devices, routing a user’s phone number to another gadget is not useful to the hacker. The attacker’s device with a target’s mobile number still lacks the verification credentials and personal information to authenticate with Twitter.

Phishing: Workers and users alike, even if fooled by a fake Twitter website, could not grant account access, since the fake site would be unable to prove its own identity back to them. In a decentralized structure, the fake website would fail the username/password check used to authenticate users. Therefore, decentralization protects users from phishing as well.
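
The SIM-swapping and phishing arguments above, as an added sketch that is not from the original post: it assumes a WebAuthn-style design in which the device holds the private key and signs the service's challenge together with the origin it is connected to. The origins and function names are constructed for illustration.

```javascript
// Added example: origin-bound, device-held credential (all names are constructed).
const { generateKeyPairSync, sign, verify, randomBytes } = require('node:crypto');

// Enrollment: the key pair is created on the user's device. Only the public
// key is registered with the service; the private key never leaves the device.
function enrollDevice() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  return { device: { privateKey }, registeredPublicKey: publicKey };
}

// Device side: sign the challenge together with the origin the device is
// actually connected to (filled in by the device, not by the page).
function deviceSign(device, challenge, connectedOrigin) {
  const clientData = JSON.stringify({ challenge: challenge.toString('hex'), origin: connectedOrigin });
  return { clientData, signature: sign(null, Buffer.from(clientData), device.privateKey) };
}

// Service side: require the issued challenge, the expected origin, and a valid signature.
function serviceVerify(registeredPublicKey, expectedOrigin, issuedChallenge, assertion) {
  let data;
  try { data = JSON.parse(assertion.clientData); } catch { return 'malformed'; }
  if (data.challenge !== issuedChallenge.toString('hex')) return 'stale-or-unknown-challenge';
  if (data.origin !== expectedOrigin) return 'wrong-origin';
  const ok = verify(null, Buffer.from(assertion.clientData), registeredPublicKey, assertion.signature);
  return ok ? 'accepted' : 'bad-signature';
}

function runScenarios() {
  const REAL = 'https://service.example';        // constructed origin
  const FAKE = 'https://service-login.example';  // constructed look-alike origin
  const { device, registeredPublicKey } = enrollDevice();
  const results = {};

  // 1. Normal login: enrolled device, real site.
  let challenge = randomBytes(32);
  results.legit = serviceVerify(registeredPublicKey, REAL, challenge, deviceSign(device, challenge, REAL));

  // 2. Phishing: the user is on the look-alike site, so the device signs that origin.
  challenge = randomBytes(32);
  results.phished = serviceVerify(registeredPublicKey, REAL, challenge, deviceSign(device, challenge, FAKE));

  // 3. SIM swap: another device now has the phone number, but not the enrolled key.
  challenge = randomBytes(32);
  const otherDevice = enrollDevice().device;
  results.simSwap = serviceVerify(registeredPublicKey, REAL, challenge, deviceSign(otherDevice, challenge, REAL));
  return results;
}

console.log(runScenarios());
```

The service stores only a public key, so a breach of its database yields nothing that can be replayed to log in as a user.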

