What Actually Happened
With all the craziness of 2020, it might be easy to forget that the biggest Twitter hack ever happened this year. It was a successful spear phishing attack where the hackers masqueraded as celebrities and other high-profile accounts to scam people out of Bitcoin. This hack has been called “the worst hack of a social media platform yet”. I want to review what happened in this hack because it actually has some dangerous implications.
On July 15, 2020, over 100 high-profile Twitter accounts began tweeting similar messages. The messages asked followers to send Bitcoin to a cryptocurrency wallet, promising to send back double the amount. The compromised accounts included presidential candidate Joe Biden, Bill Gates, Elon Musk, and Jeff Bezos, as well as several cryptocurrency Twitter accounts such as Coinbase, CoinDesk, and Binance. It should have been immediately obvious to most people that these accounts had been hacked, but the messages still managed to trick some people. The hackers gained over $100,000 worth of bitcoin before Twitter stopped the attack. Twitter didn’t just remove the tweets; they stopped all verified accounts on the platform from tweeting anything. It was…surreal.
How it happened
How did this happen in the first place? If you read our previous blog on social engineering attacks, you would know that the weakest link in a cyber security posture is typically the people within the organization. This Twitter hack was no different. Twitter confirmed that the scam was possible due to a successful social engineering attack on several of its employees with access to internal systems and tools. Twitter later confirmed that it was a phone-based spear phishing attack. The attackers used social engineering to obtain the credentials of lower-level employees first, then used those accounts to trick employees with access to admin tools into giving up their credentials.
Investigations revealed that the attacks were conducted by members of the “OGusers” forum group. The forum is used to buy and sell social media accounts with rare or short names. Although there were four primary suspects, only three of them were arrested and charged.
What are the implications
This Twitter hack intensifies concerns about social media that cybersecurity experts have already had. The potential to create misinformation through trusted sources is very real. The attackers already hacked the accounts of politicians, but what if they had also compromised the account of a popular news outlet? Hackers could use these platforms to cause panic and possibly even affect the stock market. All it takes is one fabricated breaking news story to tip the stock market in their favor.
So, I think it is worth reiterating my top tips to prevent social engineering attacks.
- Don’t open emails from suspicious sources or click suspicious links. Examine the emails carefully for any sign of fraudulence. Always verify the sender’s email address.
- Do not connect unknown media to your devices. Finding that flash drive on the ground may not have been good luck.
- Lock your devices when you leave them unattended.
- Always be skeptical. Do not reveal personal information to strangers or people claiming to be someone you know. Turn the tables on them and verify their identity before revealing any information.
- Keep your anti-virus software updated. Many malware attacks are caused by known vulnerabilities left unpatched.
- Be mindful of the personal information you post on social media. Attackers will mine profiles for information to help them find targets.
- Do not allow strangers on the premises. If they claim to be an employee, then let them properly authenticate to gain access. If you are not sure about a delivery person, then ask a security guard to verify the delivery.