Cybersecurity professionals broadly agree on a central problem: computers and code have clear solutions, but humans do not.
Twitter provided perhaps the most prominent example of this challenge when its security was breached on Wednesday, allowing scam-filled messages to be sent from some of the most followed accounts on the platform, including those of Joe Biden, Barack Obama, Jeff Bezos, Kanye West and Elon Musk.
Details of how the attack occurred have yet to be confirmed, but Twitter announced Wednesday night that it suspected “a coordinated social engineering attack by people who successfully attacked some of our employees with access to internal tools and systems.”
In short, Twitter was not broken. An employee did it. Or more than one.
“Humans and their behavior continue to be the greatest threat to organizations,” said Mikko Hypponen, director of research for the Finnish cybersecurity company F-Secure.
“Security holes come and go. Sometimes something urgent happens, but once you patch and update, you’re ready to go,” he said. “Human weaknesses are always there. Every day. Always.”
Twitter worked to contain the damage, but it took several hours, including a period in which it prevented most verified users from posting new tweets. (Verified users, recognizable by their blue checkmarks, tend to be prominent figures in politics, media, business and culture.) During that time, scam tweets were sent from dozens of major accounts, as well as hundreds of unverified accounts. The hackers quickly received hundreds of transfers worth more than $115,000.
Giovanna Falbo, a Twitter spokeswoman, declined to comment beyond the company’s tweets. But the company told Vice’s Motherboard, a tech-focused publication, that whoever was behind the breach had managed to get someone at Twitter to voluntarily provide access. Motherboard reported that the people who claimed responsibility for the attack had worked with someone at Twitter, and that one person said the Twitter employee had been paid for access.
It is more common for employees to be unaware of the role they play in data breaches. The most common hacking efforts focus on tricking employees into giving up login information, a process known as phishing.
But other major hacks have involved company insiders using their own access. An “insider threat” was allegedly responsible for the Capital One security breach in 2019, in which former Amazon engineer Paige Thompson was accused of using her knowledge of that platform to gain access to Capital One’s servers on Amazon Web Services.
The problem of company insiders opening the door to hackers has also become a national security issue at the heart of international espionage schemes. Twitter has faced this problem too. In November, the Justice Department accused two former Twitter employees of providing user data to Saudi Arabia. And in 2017, a Twitter employee briefly deactivated President Donald Trump’s account.
How to stop these types of security breaches has become the subject of growing efforts within the world of cybersecurity. Which employees have access to which systems is now closely watched, and security software can now flag employees who are doing unusual things.
Companies are also working out how to ensure that employees do not have more access than they need. Marcin Kleczynski, CEO of Malwarebytes, said Twitter will inevitably review the internal systems used in the breach, pointing in particular to a tool for resetting account passwords that has been the subject of speculation by some cybersecurity experts.
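The two defensive ideas in the paragraphs above, limiting each employee's access to what their role needs and watching for unusual use of an internal account tool, can be combined in a small audit-log check. The script below is an added example and is not code from Twitter or from the article; the tool name, the log format, the operator roles and the log entries are all constructed for illustration.

```python
"""Least-privilege and anomaly checks over audit logs of a hypothetical
internal account-management tool (constructed example, not a real product)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Least privilege: which roles may perform which actions in the tool (hypothetical).
ROLE_PERMISSIONS = {
    "support_tier1": {"view_profile"},
    "support_tier2": {"view_profile", "reset_password", "change_email"},
    "trust_safety": {"view_profile", "suspend_account"},
}

# Operator -> assigned role (constructed sample directory).
OPERATOR_ROLES = {"alice": "support_tier1", "bob": "support_tier2", "carol": "trust_safety"}

# Actions that change account state and therefore deserve a ticket and rate monitoring.
SENSITIVE_ACTIONS = {"reset_password", "change_email", "suspend_account"}

# A burst of this many sensitive actions by one operator within the window is flagged.
BURST_WINDOW = timedelta(minutes=10)
BURST_THRESHOLD = 3

# Constructed audit log: one line per admin action; "ticket=-" means no support ticket was linked.
SAMPLE_LOG = """\
2020-07-15T20:01:12Z operator=alice action=view_profile target=user123 ticket=T-1001
2020-07-15T20:02:30Z operator=alice action=reset_password target=user123 ticket=T-1001
2020-07-15T20:03:05Z operator=bob action=reset_password target=bigname1 ticket=-
2020-07-15T20:04:10Z operator=bob action=change_email target=bigname1 ticket=-
2020-07-15T20:05:44Z operator=bob action=reset_password target=bigname2 ticket=-
2020-07-15T20:06:20Z operator=bob action=reset_password target=bigname3 ticket=-
2020-07-15T21:30:00Z operator=carol action=suspend_account target=spammer9 ticket=T-1002
"""


def parse_line(line):
    """Turn 'TIMESTAMP key=value ...' into a dict with a parsed 'ts' field."""
    ts_str, *fields = line.split()
    record = {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, value = field.split("=", 1)
        record[key] = value
    return record


def analyze(log_text):
    """Return a list of alert tuples for every log line that breaks a rule.

    Rules:
      unauthorized_action - the operator's role does not permit the action
      no_ticket           - a sensitive action with no linked support ticket
      burst               - BURST_THRESHOLD sensitive actions by one operator
                            inside BURST_WINDOW (emitted once per burst)
    """
    alerts = []
    recent = defaultdict(list)  # operator -> timestamps of recent sensitive actions
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        operator, action, target = rec["operator"], rec["action"], rec["target"]

        # Unknown operators map to an empty permission set, so they are flagged too.
        allowed = ROLE_PERMISSIONS.get(OPERATOR_ROLES.get(operator), set())
        if action not in allowed:
            alerts.append(("unauthorized_action", operator, action, target))

        if action in SENSITIVE_ACTIONS:
            if rec.get("ticket", "-") == "-":
                alerts.append(("no_ticket", operator, action, target))
            # Keep only timestamps inside the sliding window, then test the count.
            window = [t for t in recent[operator] if rec["ts"] - t <= BURST_WINDOW]
            window.append(rec["ts"])
            recent[operator] = window
            if len(window) == BURST_THRESHOLD:
                alerts.append(("burst", operator, len(window)))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Run against the sample log, the check reports the tier-1 operator performing a reset her role does not allow, each ticketless change made by the tier-2 operator, and the burst of account changes he made within a few minutes. In a real deployment the role map would come from the identity provider and the alerts would feed the SIEM, but the two signals are the same ones the article describes: access beyond the job's needs, and unusual activity on the password-reset tool.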
“Twitter will be eager to make sure this never happens again, so it will be interesting to see what focus they put on this management tool and what access people will have on Twitter in the future,” he said.
Targeting people who may be willing to turn on their employers is not a new tactic. For decades, the US defense industry has been the target of widespread espionage efforts to steal confidential information about weapons systems by putting pressure on company employees, often with offers of money or threats to reveal sensitive personal information.
While there is no indication that the Twitter breach was part of an espionage effort (such operations are generally meant to avoid international attention), other factors may push people to accept monetary offers.
Michael Hamilton, a former chief information security officer for the City of Seattle, said that during the recession that followed the financial crisis, employees were more likely to receive offers from hackers.
“When macroeconomics becomes really bad … people have a greater tendency to go to the dark side,” he said.
Hamilton said the current economic downturn has almost certainly caused more activity by hackers looking for opportunities to convince employees to take risks.
“The offers for people are probably coming in with intensity right now because the audience is receptive, and again all this abandonment of the economy caused by COVID creates the opportunity for this type of internal embezzlement,” he said.