The Twitter Cyber Scam – How Twitter Got Hacked
by Robert Bond
Twitter has suffered the most catastrophic attack in its history and one that directly affected many of its celebrity clients. On Wednesday, alleged hackers gained access to Twitter internal systems and tools which allowed them to compromise high profile accounts belonging to prominent cryptocurrency sites, celebrities, and politicians. The attackers deployed a cryptocurrency scam, where the main blockchain address used, collected slightly over 12 Bitcoin, amounting to more than US $116,000 within hours.
In a series of Tweets, Twitter, through their support channel, quickly acknowledged the attack and took measures to stop the attack.
How the Twitter Account Happened
When contacted, a Twitter spokesperson did not comment on the attack, but through a series of tweets on their support account, they confirmed that “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
Twitter users noticed a tweet that was posted from the compromised accounts stating that these accounts were giving back to the community and asked to be sent bitcoin to a given bitcoin wallet address. The message went further to claim that any amount sent would be doubled and sent back. This is a known cryptocurrency technique that has been used before.
Motherboard accessed some screenshots of the internal Twitter user administration tools that the hackers might have used to compromise the affected accounts.
The hackers got hold of those handles and changed the email addresses associated with the accounts, which made it difficult for the users to regain control of their accounts.
Who Were the Targets of the Twitter Hack?
From the onset, it became clear that the attack was widespread. The attack had ensnared some top corporate and cryptocurrency accounts. Apple, who is known to have robust security, was one of the victims.
Cash App, Hard Drive, Uber were some of the other accounts that fell victims too.
High profile accounts including those of former president Barack Obama, The Democratic party presidential hopeful Joe Biden, Amazon CEO Jeff Bezos, Tesla CEO Elon Musk also fell victims of the attack.
The attack also hit top investor Warren Buffet, who has been a prominent and a harsh critic of cryptocurrencies. He told CNBC in February that “I don’t have any cryptocurrency and I never will.”
With 45 of the accounts, the attackers were able to reset the passwords, log into the accounts, and send out tweets — all without alerting the account owners until after the fact.
With eight of the compromised accounts, the attackers were additionally able to download detailed information about their Twitter profiles using the “Your Twitter Data” tool. The data that the attackers were able to access included usernames, email addresses, phone numbers, login history — including login IP and location information — the browsers and mobile devices associated with the accounts, blocked and muted accounts, and entire tweet history.
“There is a lot speculation about the identity of these 8 accounts,” Twitter conceded in a tweet July 17. “We will only disclose this to the impacted accounts, however, to address some of the speculation: none of the eight were Verified accounts.”
How Twitter has Handled the Attack
In a series of tweets posted this evening under its support channel, Twitter said that its internal systems were compromised by the hackers, confirming the theory that the attack could not have been conducted without prior access to Twitter’s own tools and employee’s network access privileges.
Through the support account, Twitter claimed that upon taking notice of the situation, they “immediately locked down the affected accounts and removed Tweets posted by the attackers.” They also took the unprecedented step of disabling the posting of new tweets from verified accounts.
Further tweets from the account stated, “This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.” “We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.”
Twitter also gave an assurance of their working towards resolving the internal issue to “limit access to internal systems and tools while our investigation is ongoing.”
The FBI’s Response to the Twitter Hack
The heist has also caught the attention of the FBI, who responded. “We are aware of today’s security incident involving several Twitter accounts belonging to high profile individuals,” the FBI’s San Francisco field office said in a statement. “The accounts appear to have been compromised in order to perpetuate cryptocurrency fraud. We advise the public not to fall victim to this scam by sending cryptocurrency or money in relation to this incident.”
Twitter’s Similar attacks in the past
In 2018, scammers impersonated Elon Musk, who is a known cryptocurrency enthusiast. The scammers would use his profile photo, use a username similar to his, and tweet out an offer that was effective despite being too good to be true: send him a little cryptocurrency, and he’ll send you a lot back. Many people fell for this scam, and it was enough to incentivize further scam attempts.
Only last year, Twitter CEO Jack Dorsey’s personal account was hacked. The company responded saying that it had fixed the flaw that had left his account vulnerable.
Who Hacked Twitter?
On July 31st, the FBI, IRS, US Secret Service, and Florida law enforcement placed 17-year-old Graham Clark of Tampa, Florida, under arrest. He is accused of being the lead behind the biggest security and privacy breach in Twitter’s history. Apparently, Clark was not alone; after the Tampa arrest was revealed, two more individuals were formally charged by the US Department of Justice: 22-year-old Nima Fazeli in Orlando and 19-year-old Mason Sheppard in the UK. They go by the hacker aliases “Rolex” and “Chaewon,” according to the Department of Justice.
According to Clark, he one who got access to Twitter’s internal tools and directly carried out the crime. he allegedly convinced a Twitter employee that he worked in the Twitter IT department and tricked that employee into giving him the credentials.
Initially, Twitter said that it fell victim to a “phone spear phishing attack”, and previous reports suggested the hacker either found their way into Twitter’s internal Slack channel or managed to bribe an employee.
Now, according to federal investigators, Sheppard was arrested because he used a personal driver’s license to verify himself with the Binance and Coinbase cryptocurrency exchanges. In addition, his accounts were found to have sent and received some of the scammed bitcoin. Fazeli also used a driver’s license to verify with Coinbase, where accounts controlled by “Rolex” allegedly received payments in exchange for stolen Twitter usernames.
The Hillsborough State Attorney, Andrew Warren suggested, “These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here. This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that.”
As the investigations progress and new details are revealed we will update this blog post.
To Learn More About How to Defend Against all Types of Cyber-Attacks or If You Have Been Attacked Please Call Us – as Always, We Are Happy to Help – 1 (888) 982-0678.
You Can Also Fill Out Our Contact Us Form Here to Talk with a Security Specialist – https://secureops.com/contact-us/
July 16, 2020
August 3, 2020