The first explanations are emerging for the series of hacks of influential Twitter accounts. An employee of the social network is said to have contributed to the cyber-attack.
On Wednesday 15 July, from 10 pm, Twitter experienced one of the worst days in its history. In 14 years, the bluebird social network had never experienced such a scenario: in the space of 30 minutes, more than a dozen of the most influential accounts in the tech, political and cryptocurrency worlds were taken over by one malicious person or a group of them.
The accounts of Elon Musk, Jeff Bezos, Barack Obama and Bill Gates, but also those of Apple and Uber and crypto accounts such as Bitcoin and Binance, published a tweet promoting a Bitcoin scam, urging each account's community to send a sum of money in the cryptocurrency. It took more than an hour and a half before Twitter took its first strong measures; in the meantime it had limited itself to quickly deleting the scam tweets that were appearing every minute.
What happened? The first leads
In the early morning, the Twitter support account shared its latest information: throughout the night, the accounts of verified users were blocked, so they could no longer tweet or change their password. The measure was meant to prevent the malicious parties from carrying on with their actions.
At the same time, the technical specialists at the Vice news site revealed the first leads on the technique used and the perpetrators of the attack. According to two sources, "the hackers convinced a Twitter employee to help them hijack the accounts." These sources are believed to be individuals who took part in the attack and who provided their testimony to the Canadian news site.
"We used a representative who literally did all the work for us," one of the sources said. Information circulating on Twitter confirmed that someone had indeed had access to a management tool, internal to Twitter, that would have been used to take control of the various accounts. Vice was also able to obtain screenshots of the same tool, and photos of it posted on Twitter were quickly deleted by the social network for violating its rules.
As we were saying yesterday, the attack was therefore not carried out account by account. The malicious person or persons would have used this internal tool, a genuine control panel that allows taking control of the various accounts. For the moment, it remains to be seen whether the attack was orchestrated solely by the Twitter employee, or whether this insider was paid to help the real hackers.
Twitter confirms internal lead
Minutes after Vice's article was published, Twitter confirmed the lead: "We detected what we believe to be a coordinated social engineering attack by people who managed to target some of our employees with access to internal systems and tools."
Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.— Twitter Support (@TwitterSupport) July 16, 2020
The bluebird social network spoke through its support account, explaining that while the investigation was under way, its team had taken "significant steps to restrict access to internal systems and tools."
Nearly 12 hours after the start of this unprecedented attack on Twitter, the attackers had managed to obtain nearly 12.9 BTC, the equivalent of more than €100,000. According to Blockchain.com figures, the single BTC address published in the various scam tweets had recorded 376 transactions, a figure that could have been much higher if the tweets had stayed up longer.