That Twitter System Hack ... [2020-07-15]

Discussion in 'General Discussion' started by BRiT, Jul 16, 2020.

  1. BRiT

    BRiT Verified (╯°□°)╯
    Moderator Legend Alpha

    Joined:
    Feb 7, 2002
    Messages:
    16,004
    Likes Received:
    14,986
    Location:
    Cleveland
    Ars has a decent write up about that Twitter system hack that took place yesterday. Here's the introduction of that article, that you can read at https://arstechnica.com/information...internal-systems-to-bitcoin-scamming-hackers/

    Twitter lost control of its internal systems to Bitcoin-scamming hackers
    Celebrity account holders weren't the only targets. Late hacker Adrian Lamo was too.

    The first signs of compromise occurred around 1 PM California time when hijacked accounts—belonging to Vice President Joe Biden, Elon Musk, Bill Gates, and other people with millions or tens of millions of followers—started pumping out messages that tried to scam people into transferring cryptocurrency to attacker-controlled wallets.

    In a tweet issued about seven hours after the mass takeover spree began, Twitter officials said the attackers appeared to take control by tricking or otherwise convincing employees to hand over credentials.

    “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” the tweet said. “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”

    Once Twitter learned of the takeovers, company personnel locked down the accounts and removed the tweets. Twitter’s tweet thread didn’t explain why Musk’s account posted fraudulent tweets after previous ones had been deleted.
     
    digitalwanderer likes this.
  2. BRiT

    BRiT Verified (╯°□°)╯
    Moderator Legend Alpha

    Joined:
    Feb 7, 2002
    Messages:
    16,004
    Likes Received:
    14,986
    Location:
    Cleveland
    Allegedly this was an inside job, where the hackers paid an insider to help them. https://www.vice.com/en_us/article/...r-access-panel-account-hacks-biden-uber-bezos

    Hackers Convinced Twitter Employee to Help Them Hijack Accounts
    After a wave of account takeovers, screenshots of an internal Twitter user administration tool are being shared in the hacking underground

    The accounts were taken over using an internal tool at Twitter, according to the sources, as well as screenshots of the tool obtained by Motherboard. One of the screenshots shows the panel and the account of Binance; Binance is one of the accounts that hackers took over today. According to screenshots seen by Motherboard, at least some of the accounts appear to have been compromised by changing the email address associated with them using the tool.

    In all, four sources close to or inside the underground hacking community provided Motherboard with screenshots of the user tool. Two sources said the Twitter panel was also used to change ownership of some so-called OG accounts—accounts that have a handle consisting of only one or two characters—as well as facilitating the tweeting of the cryptocurrency scams from the high profile accounts.
     
    digitalwanderer likes this.
  3. orangpelupa

    orangpelupa Elite Bug Hunter
    Legend Veteran

    Joined:
    Oct 14, 2008
    Messages:
    8,452
    Likes Received:
    1,848
    Could this related to the previous scam on YouTube? They made fake Elon musk channel with fake title and description but with real interview video and real profile photo of Elon muah.

    It got the same video title / description as the nefarious tweets
     
  4. Malo

    Malo Yak Mechanicum
    Legend Veteran Subscriber

    Joined:
    Feb 9, 2002
    Messages:
    7,700
    Likes Received:
    3,785
    Location:
    Pennsylvania
    Not even close, that's not even a hack.
     
  5. orangpelupa

    orangpelupa Elite Bug Hunter
    Legend Veteran

    Joined:
    Oct 14, 2008
    Messages:
    8,452
    Likes Received:
    1,848
    I don't mean the hack, but the scam/scammer.
     
  6. pcchen

    pcchen Moderator
    Moderator Veteran Subscriber

    Joined:
    Feb 6, 2002
    Messages:
    2,824
    Likes Received:
    253
    Location:
    Taiwan
    It's a very common type of scam though, so they might be copycats.
     
    orangpelupa likes this.
  7. Betanumerical

    Veteran

    Joined:
    Aug 20, 2007
    Messages:
    1,699
    Likes Received:
    179
    Location:
    In the land of the drop bears
    BRiT, Bludd and orangpelupa like this.
  8. BRiT

    BRiT Verified (╯°□°)╯
    Moderator Legend Alpha

    Joined:
    Feb 7, 2002
    Messages:
    16,004
    Likes Received:
    14,986
    Location:
    Cleveland
    Ars has a news article about the hack, here's the first few tidbits...

    https://arstechnica.com/information...hone-spear-phishing-in-mass-account-takeover/

    Twitter hackers used “phone spear phishing” in mass account takeover
    This month's epic breach targeted multiple employees, Twitter says.

    The hackers behind this month’s epic Twitter breach targeted a small number of employees through a “phone spear phishing attack,” the social media site said on Thursday night. When the pilfered employee credentials failed to give access to account support tools, the hackers targeted additional workers who had the permissions needed to access the tools.

    “This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter officials wrote in a post. “This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe."

    Thursday's update also disclosed that the hackers downloaded personal data from seven of the accounts, but didn't say which ones.
     
    digitalwanderer likes this.
  9. digitalwanderer

    digitalwanderer Dangerously Mirthful
    Legend

    Joined:
    Feb 19, 2002
    Messages:
    17,772
    Likes Received:
    2,267
    Location:
    Winfield, IN USA
    Sweet, just an old fashioned call 'em up and tell them you forgot your password type social engineering hack!

    Social engineering is still the most effective form of hacking I know, it's always vulnerable.
     
  10. pcchen

    pcchen Moderator
    Moderator Veteran Subscriber

    Joined:
    Feb 6, 2002
    Messages:
    2,824
    Likes Received:
    253
    Location:
    Taiwan
    Note that this phone hacking attack was not targeting ordinary users, but Twitter employees. It wouldn't surprise me that they used to have stronger protection against this kind of attack (e.g. you need to request a password reset in person etc.) but the COVID-19 pandemic induced working for home somehow weakened it.
     
    digitalwanderer likes this.
  11. digitalwanderer

    digitalwanderer Dangerously Mirthful
    Legend

    Joined:
    Feb 19, 2002
    Messages:
    17,772
    Likes Received:
    2,267
    Location:
    Winfield, IN USA
    Which probably means a lot of other places are a lot more vulnerable to social hacks right now, oh boy! :(
     
    pcchen likes this.
  12. pcchen

    pcchen Moderator
    Moderator Veteran Subscriber

    Joined:
    Feb 6, 2002
    Messages:
    2,824
    Likes Received:
    253
    Location:
    Taiwan
    The attacker was arrested

    Assuming they got the right guy, it looks like the work-at-home arrangement did contributed at least in part:

     
    digitalwanderer and BRiT like this.
  13. milk

    milk Like Verified
    Veteran Regular

    Joined:
    Jun 6, 2012
    Messages:
    3,447
    Likes Received:
    3,329
    So this attack means there are multiple employees at twitter at not particularly high ranks and low enough security procedures with tools that allow them to post content as if from any twitter account.

    huh.

    Good to know.

    This hacker is doing god's work.
     
Loading...

Share This Page

  • About Us

    Beyond3D has been around for over a decade and prides itself on being the best place on the web for in-depth, technically-driven discussion and analysis of 3D graphics hardware. If you love pixels and transistors, you've come to the right place!

    Beyond3D is proudly published by GPU Tools Ltd.
Loading...