AMITT/counters/C00043.md
2021-02-19 08:00:20 +00:00

Detect hijacked accounts and reallocate them

  • Type: Counter TTP

  • Name: Detect hijacked accounts and reallocate them

  • Id: C00043

  • Summary: nan

  • Playbooks: In all playbooks the platform must force user verification and credential reset, and enable MFA. Suspend the account if it cannot be verified.
    Playbook 1: Use sites like https://haveibeenpwned.com to detect compromised and at-risk user accounts.
    Playbook 2: Monitor for unusual account usage (use of VPN, new geographic location, unusual usage hours, etc.).
    Playbook 3: Detect sudden deviation in user sentiment, such as suddenly dropping hashtags linked to extremist content.
    Playbook 4: Purchase "likes", "retweets" and other vehicles which identify a bot and/or hijacked account. Ban the account.
    Playbook 5: Detect hijacked accounts and spam their posts: "OP is a known disinformation bot. http://link.to.proof[.]com"

  • Metatechnique: cleaning

  • Resources needed: platform_admin,activists,civil_society,money

  • Belongs to tactic stage: TA03

Counters these Tactics
Counters these Techniques
C00043 Hijack legitimate account
Seen in incidents

DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
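
A sketch of Playbook 2 (unusual account usage) feeding the response common to all playbooks. This is an added example, not part of the AMITT repository; the event fields, the `MIN_HISTORY` and `HOUR_SLACK` values, the two-signal threshold and the `verified` callback are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample login events (not real data): account, UTC timestamp, country, VPN flag.
EVENTS = [
    ("alice", "2021-02-01T09:10:00", "GB", False),
    ("alice", "2021-02-02T10:05:00", "GB", False),
    ("alice", "2021-02-03T08:45:00", "GB", False),
    ("alice", "2021-02-04T03:20:00", "RO", True),   # new country, VPN, odd hour
    ("bob",   "2021-02-01T14:00:00", "US", False),
    ("bob",   "2021-02-02T15:30:00", "US", False),
    ("bob",   "2021-02-03T16:10:00", "US", False),
    ("bob",   "2021-02-04T15:00:00", "US", True),   # VPN only
]
MIN_HISTORY = 3   # assumed: logins needed before a baseline is trusted
HOUR_SLACK = 2    # assumed: hours of tolerance around the usual window

def anomalies(history, ts, country, vpn):
    """Return the Playbook 2 signals this login raises against the account's history."""
    if len(history) < MIN_HISTORY:
        return []                      # not enough data to call anything unusual
    hours = [h for h, _ in history]
    signals = []
    if vpn:
        signals.append("vpn")
    if country not in {c for _, c in history}:
        signals.append("new_location")
    # Simplification: the usual-hours window does not wrap around midnight.
    if not (min(hours) - HOUR_SLACK <= ts.hour <= max(hours) + HOUR_SLACK):
        signals.append("unusual_hours")
    return signals

def triage(events, verified=lambda account: False):
    """Map each flagged account to (signals, action) following the page's response."""
    history, flagged = defaultdict(list), {}
    for account, stamp, country, vpn in sorted(events, key=lambda e: e[1]):
        ts = datetime.fromisoformat(stamp)
        signals = anomalies(history[account], ts, country, vpn)
        if len(signals) >= 2:          # assumed threshold: one signal alone is too noisy
            # Page's response: verify, reset credentials, enable MFA; suspend if unverified.
            action = "reset_credentials+enable_mfa" if verified(account) else "suspend"
            flagged[account] = (signals, action)
        else:
            history[account].append((ts.hour, country))  # only clean logins extend the baseline
    return flagged

if __name__ == "__main__":
    for account, (signals, action) in triage(EVENTS).items():
        print(account, signals, action)
```

Flagged logins are kept out of the baseline so that a hijacker's own activity cannot gradually become the account's "normal" pattern.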