Twitter is now investigating whether an employee could have been bribed to assist in a massive security breach, as the company reveals that at least 130 accounts were compromised, many of them high-profile.
Wednesday’s rape was one of the largest on a social media site, affecting the accounts of former President Barack Obama, Joe Biden and other well-known figures on a large scale.
After discovering that hackers used Twitter’s own administrative tools to carry out the attack, the company is now investigating whether an employee was tricked into handing over his credentials or bribed to cooperate, according to the New York Times.
People who claimed responsibility for the attack previously told Motherboard that they had paid a Twitter member to help carry out the attack, sharing screenshots from a Twitter admin panel to back up their claims.
Twitter CEO Jack Dorsey said Wednesday was a “difficult day” for the company, adding that “we all feel terrible that this has happened.”
“We used a representative who literally did all the work for us,” one of the suspected hackers told the media.
On Thursday, Twitter revealed in a statement that more than 100 accounts were targeted in the attack, although not all of them were used to post scam messages requesting Bitcoin transfers to a wallet controlled by hackers.
“Based on what we know at the moment, we believe that approximately 130 accounts were attacked by the attackers in some way as part of the incident,” the company said.
“For a small subset of these accounts, attackers were able to gain control of the accounts and then send Tweets from those accounts.”
The company said it continues to assess whether non-public data related to the target accounts was compromised, and that it will provide updates if that occurs.
Twitter CEO Jack Dorsey said Wednesday was a “difficult day” for the company, adding that “we all feel terrible that this has happened.” Twitter shares fell 1 percent on Thursday.
The FBI said Thursday it is investigating the attacks, and said the high-profile accounts “appear to have been compromised to perpetuate cryptocurrency fraud.”
The ruse discovered Wednesday included fake tweets from Obama, Biden, Mike Bloomberg and several tech billionaires, including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk.
Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.
Twitter has said that hackers used ‘social engineering’ to attack some of the company’s employees and then gained access to the accounts.
The term refers to harnessing human nature through psychological manipulation. It can refer to tricking people into downloading malicious software or compromising them by offering something in exchange for information. Twitter did not say how its employees were engaged.
The attackers sent tweets from the accounts of the public figures, offering to send $ 2,000 for every $ 1,000 sent to an anonymous Bitcoin address.
Cybersecurity experts say such a breach could have dire consequences as attackers were tweeting from verified and influential accounts worldwide with millions of followers.
“If you receive a tweet from a verified account, belonging to a known and therefore trustworthy person, you can no longer assume that it really is theirs,” said Michael Gazeley, managing director of cybersecurity firm Network Box.
In reaction to the breach, Twitter quickly removed the tweets and blocked accounts from investigating. In the process, it prevented verified users from sending tweets for several hours.
The company said Thursday that it has taken “significant steps to limit access to internal tools and systems.” User passwords don’t appear to have been compromised, Twitter said, so users don’t need to reset them.
Many celebrities, politicians, and business leaders often use Twitter as a public platform for making statements. President Donald Trump, for example, regularly uses Twitter to post on national and geopolitical issues, and his account is closely followed by media, analysts, and governments around the world.
The White House said Thursday that its account was secure and that hackers did not endanger it.
Twitter faces an uphill battle to regain people’s trust, Gazeley said. For starters, you need to determine exactly which accounts were hacked and show that the vulnerabilities have been fixed, he said.
“If the key employees on Twitter were tricked, it is actually a cybersecurity problem in itself,” he said. “How can one of the world’s most widely used social media platforms have such weak security, from a human perspective?”
Rachel Tobac, CEO of Socialproof Security, said the breach appeared to be largely motivated by financial reasons. But such an attack could cause more serious consequences.
“Can you imagine if they had seized the account of a world leader and tweeted a threat of violence to the leader of another country?” asked Tobac, a social engineering hacker who specializes in training companies to protect themselves from such breaches.
Tobac said companies can protect themselves against such attacks by strengthening multi-factor authentication, where users have to present multiple tests as authentication before they are allowed to log into a system.
Such a process could include having a physical token that an employee must have with them, plus a password, before they can log in to a corporate or other private system. Other methods include installing technical tools to monitor suspicious internal activities and reduce the number of people who have access to confidential data, Tobac said.
This week’s case follows last year’s federal investigation of two former Twitter employees accused of spying on users of the Saudi government.
Several US lawmakers asked on Twitter to cooperate with authorities, including the Department of Justice and the FBI, to secure the site after the latest violation.
“I am concerned that this event may represent not just a coordinated set of separate hacking incidents, but rather a successful attack on Twitter security,” said Senator Josh Hawley, a Republican from Missouri.
He added that millions of users relied on Twitter not only to send tweets but also to communicate privately through direct messages. Twitter has not said whether hackers were able to access private messages from their high-profile targets.
Oregon Democratic Senator Ron Wyden said Twitter CEO Jack Dorsey told him in a private conversation in 2018 that the company was working on protecting direct messages, known as DMs, with end-to-end encryption.
But that promise never materialized, Wyden said Thursday, leaving everyone’s private messages “vulnerable to employees who abuse their internal access to company systems, and to hackers who gain unauthorized access.”
“This is a vulnerability that has lasted too long and is not present on other competing platforms,” Wyden said in an emailed statement. “If hackers gained access to users’ DMs, this violation could have an impressive impact in the coming years.”
.
