Writer- Riyaz Rafi Ahmed
Cybersecurity & DevSecOps Engineer at Hippo Video
So the recent news is that Twitter was hacked. Here’s my rundown of it & what you should know:
WHO WERE HACKED?
Twitter verified accounts such as those of President Barack Obama, Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, the Apple and Uber corporate accounts, pop star Kanye West and even Elon Musk were breached by the same adversary.
Twitter quickly removed many of the messages, but in some cases similar tweets were sent again from the same accounts, suggesting that Twitter was powerless to regain control.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
– Twitter Support Team (~1 hour after the attack started)
HOW WERE THEY HACKED?
Based on the official sources, the Twitter attack combined phishing with a takeover of the internal employee admin panel.
1. Attacker phishes Twitter employees using social engineering tactics
2. Attacker takes over the internal employee portal/backend admin panel
3. Attacker posts a tweet containing a bitcoin address from the celebrity accounts and receives payment anonymously via bitcoin
HOW MUCH DID THE ATTACKER GAIN?
Within the first hours of the attack, people were duped into sending more than $118,000 to the hackers. It also seems possible that a great number of sensitive direct messages could have been accessed by the attackers. Of even greater concern is the speed and scale at which the attack unfolded. It spread like wildfire, and all the posts carried the same bitcoin address, which shows that it was a coordinated attack by a single adversary.
You can literally watch the money flowing into the bitcoin address via the link above. Compare the value of 1 BTC with the balance sitting in that wallet.
Understand that the attacker managed to get inside Twitter’s admin panel by social engineering the internal employees and then launched this large-scale scam. It’s a relief that the attacker’s motivation here was monetary and not to sow chaos on Twitter (which they could easily have done with access to the admin panel). The hackers did not use their access to take aim at any important institutions or infrastructure; they merely asked for bitcoin. But the attack is concerning to many because it suggests that the hackers could easily have caused much more havoc.
One likely scenario could be that hackers gained access to the back end of Twitter’s employee administration panel, which could include access to change account passwords. This could have happened by a hacker stealing an employee’s credentials, especially if an employee didn’t have secure MFA.
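The scenario above, a compromised employee account driving the admin panel to reset passwords and change contact details on many high-profile accounts in a short span, is exactly the kind of pattern an internal-tool audit log can surface. The following is an added example, not code from the original post or from Twitter: a small detector that reads constructed audit log lines in an assumed `timestamp operator=… action=… target=…` format (the format, operator names and account handles are all hypothetical) and alerts when one operator performs sensitive account actions on several distinct accounts inside a sliding time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical internal-tool audit log format.
# Neither the format nor the operator/account names come from Twitter; they
# are assumptions made for this example. The 20:0x burst is the suspicious
# operator; support_ops_03 is ordinary single-account support activity.
SAMPLE_AUDIT_LOG = """\
2020-07-15T20:01:12Z operator=support_ops_17 action=view_profile target=@acct_a
2020-07-15T20:02:40Z operator=support_ops_17 action=change_email target=@acct_a
2020-07-15T20:02:55Z operator=support_ops_17 action=disable_mfa target=@acct_a
2020-07-15T20:03:10Z operator=support_ops_17 action=password_reset target=@acct_a
2020-07-15T20:04:02Z operator=support_ops_17 action=change_email target=@acct_b
2020-07-15T20:04:20Z operator=support_ops_17 action=password_reset target=@acct_b
2020-07-15T20:05:31Z operator=support_ops_17 action=change_email target=@acct_c
2020-07-15T20:05:48Z operator=support_ops_17 action=password_reset target=@acct_c
2020-07-15T20:06:05Z operator=support_ops_17 action=change_email target=@acct_d
2020-07-15T20:06:30Z operator=support_ops_17 action=password_reset target=@acct_d
2020-07-15T19:10:00Z operator=support_ops_03 action=password_reset target=@acct_x
2020-07-15T20:07:00Z operator=support_ops_03 action=view_profile target=@acct_y
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) operator=(?P<op>\S+) action=(?P<action>\S+) target=(?P<target>\S+)$"
)

# Actions that hand an operator control of someone else's account. A burst of
# these across many distinct accounts by one operator is the takeover pattern
# the post describes; read-only actions such as view_profile are ignored.
SENSITIVE_ACTIONS = {"change_email", "disable_mfa", "password_reset"}


def parse_line(line):
    """Parse one audit line into (timestamp, operator, action, target), or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["op"], m["action"], m["target"]


def detect_account_takeover_bursts(log_text, window=timedelta(minutes=10), min_accounts=3):
    """Return one alert per operator who performs sensitive actions on at least
    `min_accounts` distinct accounts within any sliding `window`."""
    events = defaultdict(list)  # operator -> [(timestamp, target account)]
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip blank or unparseable lines rather than crash
        ts, op, action, target = parsed
        if action in SENSITIVE_ACTIONS:
            events[op].append((ts, target))

    alerts = []
    for op, evs in events.items():
        evs.sort()  # log order is not guaranteed to be chronological
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            accounts = {target for _, target in evs[start:end + 1]}
            if len(accounts) >= min_accounts:
                alerts.append({
                    "operator": op,
                    "accounts": sorted(accounts),
                    "first": evs[start][0],
                    "last": evs[end][0],
                })
                break  # one alert per operator is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in detect_account_takeover_bursts(SAMPLE_AUDIT_LOG):
        print(f"{alert['operator']} touched {len(alert['accounts'])} accounts "
              f"between {alert['first']} and {alert['last']}: {alert['accounts']}")
```

On the sample data only `support_ops_17` trips the rule, after its third distinct account (`@acct_c`) within ten minutes; the lone password reset by `support_ops_03` does not. In practice the threshold should be tuned against each operator's normal daily volume, and the alert should be correlated with where the operator session authenticated from, since a phished credential is typically used from an unfamiliar network.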
Riyaz Rafi Ahmed
Make sure to connect with him on LinkedIn and brainstorm your cybersecurity ideas 🙂