On Wednesday, July 15th, hackers successfully launched attacks against 130 Twitter accounts in an effort to fraudulently receive cryptocurrency.
The 130 compromised accounts belonged to famous individuals and some big-name companies.
Attackers posted messages from the compromised accounts that included a bitcoin address and a short message. Although each message was slightly different, each carried the same theme:
“I am giving back to my community due to Covid-19!
All Bitcoin sent to my address below will be sent back double, so for $1000, I will send back $2000.
Only doing this for the next 30 minutes! Enjoy.”
This message was posted to most of the compromised accounts. By Thursday, hackers had received over 400 payments in Bitcoin worth over $120,000.
Although attacks of this nature have become common in 2020, this attack was different because attackers were able to post the comments directly from the user’s account.
How were the attacks conducted?
Twitter provides administrator privileges to many of its employees so they may troubleshoot account issues. These employees have access to a “Twitter admin tool” that gives them privileges over each account.
Instead of compromising the passwords of the affected accounts, hackers gained access to this admin tool by targeting Twitter employees.
The hackers used sophisticated social engineering attacks against the employees to gain access to the tool. Although the details of the attack are being kept confidential by Twitter, the company did confirm this theory in a series of tweets.
Twitter stated that the employees were targeted with “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
Social engineering attacks can be highly successful because they enable hackers to bypass many perimeter defenses, like firewalls and intrusion detection systems.
Hackers received Bitcoin at the digital wallet address they included with the messages. Once payments were received, hackers quickly transferred the Bitcoin to other wallets in an attempt to hide the currency or delay discovery.
Who was affected?
Former President Barack Obama, former Vice President Joe Biden, Elon Musk, Bill Gates, Kanye West, and Apple were some of the more famous accounts targeted by the attack.
In total, the hackers were able to compromise 130 separate accounts. Many people were fooled by this attack in particular because the messages stemmed from each user’s legitimate account.
Past attacks of this nature were common, but the messages were always posted by accounts with similar names, like @ElonMuskVerified or @BillGatesLive, instead of the user’s actual account. Wednesday’s attackers were able to post from the legitimate accounts, making the messages more believable.
What is the response?
Twitter has locked the affected accounts until it completes an investigation into how exactly the accounts were compromised.
On Wednesday, Twitter prevented all verified accounts from posting. This is the first time in its history that Twitter has taken this step, which highlights the severity of the attack.
Numerous police investigations were launched following the attacks. The Federal Bureau of Investigation (FBI) also launched its own investigation.
The United States Senate has demanded that Twitter brief them on the situation by July 23rd.
What will happen next?
This incident demonstrates the need for proper cyber security at every level of a company. Twitter’s reputation is sure to suffer after this attack, and other companies will likely review their cyber security policies in its aftermath.
The field of cyber security is rapidly growing. If you are interested in entering this exciting field, take a moment to check out our Security+ Course. Our course teaches you everything you need in one week so that you can earn an average yearly salary of $85,000.