Twitter was shut down for many users yesterday, because the platform had been targeted by hackers. The attackers pretended to be well-known people and asked their followers to transfer Bitcoin. Twitter calls the hack a “coordinated social engineering attack”. The company is investigating how this could have happened. It is not clear when everybody will be able to access their accounts again.
If you opened up Twitter yesterday, you will probably have noticed that something was wrong. The accounts of many national and international celebrities and tech companies had been hacked. Elon Musk, Bill Gates, Barack Obama, Joe Biden, Jeff Bezos, Kanye West, Kim Kardashian, Apple, and Uber have all been targeted by the attackers, according to the media.
The hackers asked followers of these accounts to transfer Bitcoin to a certain address so that they could give back to the community due to Covid-19, as the tweet said. The transferred amount would then be doubled by the ‘account owner’ and sent back to the person who transferred it. And if your account has millions of followers, like Elon Musk’s of Bill Gates’ account, it’s likely that some people believe this. That is how the attackers managed to steal 12,9 Bitcoin, almost $118,000. And, of course, this money disappeared into the pockets of the attackers almost immediately. A Bitcoin scam of this scale has not happened before on Twitter.
You might wonder how the attackers managed to hack into the accounts of these prominent people and businesses. Twitter states that the hackers targeted their employees in a “coordinated social engineering attack”. This is different from what usually happens in an attack. Often, malicious people try to hack into IT systems, computer networks, or applications from the outside. They will try and misuse vulnerabilities or exploits in the software to try and get into the system.
But this time the hackers had a different plan of attack. In this social engineering attack, the hackers most likely tried to deceive Twitter employees by pretending they were working for another company that was hired to help out with an issue. Since people are naturally helpful and trusting, hackers will be able to abuse that trust. They will manage to obtain information that will allow them to get into the systems. Firewalls, antivirus software, or other security measures won’t protect a company in this type of attack.
Twitter has stated that “employees with access to internal systems and tools” were successfully targeted by the attackers. “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more [on the Twitter support account] as we have it”.
Twitter calls this attack a “security incident” and explains that the company has taken measures immediately. The company has temporarily disabled a large number of verified accounts as a precaution. These accounts can no longer send tweets or change their password. Though they can still retweet other messages. The owners of the accounts will regain access to them as soon as the company is certain that they are no longer at risk.
The attackers might still have access to Twitter, which is why the investigation into the attack is still very much active. The company is trying to reduce risk as much as possible by locking certain accounts.
There is much talk online about how this could have happened. Tech site Vice claims to have talked to anonymous sources that have stated that a Twitter employee was bribed for access to the internal systems. And a person who is familiar with the underground hacking scene told TechCrunch that someone known as ‘Kirk’ was responsible for the attack.