Serviceteam IT Security News

The attackers exploited the human factor to gain access to Twitter’s internal systems and the accounts of some of the world’s most prominent figures

Twitter – still recovering from the recent brazen breach where miscreants hijacked 130 accounts belonging to prominent figures and used the handles to peddle a bitcoin scam – has now shed some light on the circumstances leading up to the incident.

According to the company’s investigation, the attackers used social engineering to target a handful of its employees via a “phone spear phishing attack”.

In a typical spear phishing attack, a criminal masquerades as a trusted entity and sends a tailored email or instant message to a well-researched target in order to steal their sensitive information, such as login credentials or financial information, or to deliver malware.

In Twitter’s case, the incursion seems to have involved phone calls and happened in multiple phases. “Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools,” said the social media giant.

The attackers then leveraged these credentials to access the tools they needed for their grand scheme – infiltrating 130 accounts, tweeting from 45, accessing the direct messages (DMs) of 36, and downloading data from seven. The company described the attack as a “significant and concerted attempt to mislead certain employees and exploit human vulnerabilities.”

Twitter went on to say that in light of the attack it has revised its security measures and severely limited access to its internal tools and systems, while it investigates the incident further. The company warned that this may lead to a curtailed user experience:

“As a result, some features (namely, accessing the Your Twitter Data download feature) and processes have been impacted. We will be slower to respond to account support needs, reported Tweets, and applications to our developer platform.”

The social media platform also announced that it is working on improving its methods concerning the prevention and detection of inappropriate access and use of its internal tools. Twitter also vowed to continue to conduct company-wide phishing exercises.
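The last paragraph describes the defensive direction without detail: limiting who can use internal account-support tools and detecting inappropriate use of them. The following Python script is an added illustration of what such detection can look like when run over an audit log; it is not Twitter's tooling, and the log format, role names, protected-account list and thresholds are all assumptions constructed for the example. It flags three of the patterns the article's account implies: an employee whose role does not include the tool using it at all, a change to a protected account made without a second approver, and one employee changing many distinct accounts within a few minutes.

```python
"""Added illustration: flag suspicious use of an internal account-support tool
from its audit log. Not Twitter's code; the log format, roles, protected
accounts and thresholds are assumptions constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Roles permitted to use the account-support tool at all (assumed roster).
ROLES_ALLOWED_TO_USE_TOOL = {"account_support"}

# Accounts whose modification requires a named second approver (assumed list).
PROTECTED_ACCOUNTS = {"@ceo_example", "@politician_example"}

# Actions that alter an account rather than merely view it (assumed set).
MODIFYING_ACTIONS = {"change_email", "reset_password", "disable_2fa"}

# Burst rule: more than this many distinct accounts modified by one employee
# inside the window is treated as bulk tampering (assumed thresholds).
BURST_WINDOW = timedelta(minutes=5)
MAX_DISTINCT_TARGETS = 3

# Constructed audit log, one event per line, assumed to be in time order:
# timestamp|employee|role|action|target_account|approver (approver may be empty)
SAMPLE_LOG = """\
2020-07-15T20:01:12Z|alice|account_support|view_account|@ordinary_user|
2020-07-15T20:02:40Z|bob|sales|view_account|@ordinary_user|
2020-07-15T20:05:10Z|carol|account_support|change_email|@ceo_example|
2020-07-15T20:05:30Z|carol|account_support|change_email|@politician_example|
2020-07-15T20:05:50Z|carol|account_support|change_email|@another_target|
2020-07-15T20:06:05Z|carol|account_support|change_email|@fourth_target|
2020-07-15T20:06:20Z|carol|account_support|change_email|@fifth_target|
2020-07-15T21:30:00Z|dave|account_support|change_email|@ceo_example|eve
"""


def parse_log(text):
    """Parse the pipe-separated audit format above into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, employee, role, action, target, approver = line.split("|")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "employee": employee,
            "role": role,
            "action": action,
            "target": target,
            "approver": approver or None,
        })
    return events


def detect(text):
    """Return a list of alert dicts (rule, employee, target) for the log text."""
    alerts = []
    recent = defaultdict(list)   # employee -> [(ts, target)] within the window
    burst_flagged = set()        # employees already reported for bulk changes

    for ev in parse_log(text):
        # Rule 1: the tool was used by someone whose role should not have it.
        if ev["role"] not in ROLES_ALLOWED_TO_USE_TOOL:
            alerts.append({"rule": "unauthorized_tool_use",
                           "employee": ev["employee"], "target": ev["target"]})

        if ev["action"] not in MODIFYING_ACTIONS:
            continue

        # Rule 2: a protected account was changed with no second approver.
        if ev["target"] in PROTECTED_ACCOUNTS and ev["approver"] is None:
            alerts.append({"rule": "protected_account_no_approval",
                           "employee": ev["employee"], "target": ev["target"]})

        # Rule 3: sliding window of distinct accounts changed by this employee.
        window = recent[ev["employee"]]
        window.append((ev["ts"], ev["target"]))
        cutoff = ev["ts"] - BURST_WINDOW
        window[:] = [(t, a) for t, a in window if t >= cutoff]
        distinct = {a for _, a in window}
        if len(distinct) > MAX_DISTINCT_TARGETS and ev["employee"] not in burst_flagged:
            burst_flagged.add(ev["employee"])
            alerts.append({"rule": "bulk_account_changes",
                           "employee": ev["employee"],
                           "target": f"{len(distinct)} accounts in {BURST_WINDOW}"})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the constructed log this yields four alerts: one for bob (role outside the tool's allow-list), two for carol's unapproved changes to protected accounts, and one for carol's burst of changes across more than three distinct accounts; dave's change is approved by a named second person and raises nothing. The approver rule is the cheap enforcement of "two people for sensitive accounts", and the burst rule catches the pattern of many high-value accounts being altered in one sitting regardless of who holds the role.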


Shortly after the security breach dating back to July 15th, the hijacked account of Tesla CEO Elon Musk fired off a tweet saying “I’m feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!”

A spate of similar tweets followed from other hacked accounts, including those of Barack Obama, Joe Biden, Bill Gates and Jeff Bezos, among others. The ploy apparently worked, since one of the cryptocurrency wallets received 12.86 BTC (some US$117,000) over a short span of time.

Shortly after the incident, Motherboard, security journalist Brian Krebs, and the New York Times all published interesting accounts of what led to the breach, complete with testimonies from people allegedly involved in the scheme.


Source: HERE
