Even some basic questions about how an array of Twitter’s most popular accounts were taken over remain unanswered.
By Mike Isaac, Sheera Frenkel and Kate Conger
When Twitter’s forensic investigators rushed on Wednesday to find the origin of one of the worst hacks in the company’s history, the team came to an unexpected conclusion: the hack came from an internal account.
But even on Thursday afternoon, 24 hours after hackers ran a Bitcoin scam from the accounts of political leaders like Joseph R. Biden Jr. and industry titans like Elon Musk, the company’s investigators were still struggling with many other fundamental aspects of the breach, including whether an employee had been deliberately complicit. The company was also in the process of figuring out the number of accounts affected and whether the attackers had access to account details, such as private messages.
Some things were certain. Investigators know that at least one employee’s account and credentials were obtained and used to access an internal panel, allowing the infiltrator to access most Twitter accounts, according to two people informed about the company’s investigation. They spoke only anonymously because the investigation was still ongoing. Still, many key points remain unclear, the people said. Investigators were still trying to find out whether the hackers had persuaded the employee to hand over the login details. Twitter reported Wednesday that hackers had used “social engineering,” a strategy to obtain passwords or other non-public data by posing as a trusted person, such as a corporate representative. But another line of inquiry is whether a Twitter employee was bribed for his credentials, which a person who claimed responsibility for the hack told the technology site Motherboard.
The Federal Bureau of Investigation said it is investigating the hack. “For the time being, the accounts appear to have been compromised to perpetuate cryptocurrency fraud,” the agency said in a statement. “We advise the public not to be a victim of this scam by sending cryptocurrencies or cash in connection with this incident.”
Twitter said in a statement: “We have taken steps to increase the security of our systems and will continue with the percentage of what we are informed of through our investigation.”
On Thursday night, Twitter said 130 accounts had been targeted in the incident. Attackers were able to send tweets from a smaller subset of those accounts, the company said. It is unclear whether private data, such as direct messages, was accessed.
The hack, and the company’s inability to quickly understand what happened, is one of Twitter’s biggest embarrassments. Over the past year, in reaction to damaging revelations that misinformation spread widely on the service around the 2016 presidential election, Jack Dorsey, the chief executive, has prioritized promoting healthy and reliable tweets. The hacking of high-profile accounts to spread a scam showed that Twitter was not prepared for the security threats it faced.
The attack also raised doubts about the security of elections, especially as political leaders were among those attacked. If the messages sent by the hackers had been political rather than a money scam, perhaps about closed polling places on Election Day, they could have manipulated turnout.
President Trump’s account was not affected by the breach, White House press secretary Kayleigh McEnany said Thursday. Trump’s account received additional protection after past incidents, according to a senior administration official and a Twitter employee, who spoke only anonymously because the security measures were private.
The Senate Special Intelligence Committee said it would ask Twitter for information on the attack. “The ability of bad actors to take vital accounts, even fleetingly, indicates a disturbing ability to vulnerability in this media environment, which can be exploited not only for scams, but also for tougher efforts to sow confusion, havoc and political mischief,” said Senator Mark Warner, Democrat of Virginia and vice chairman of the committee.
Wednesday’s attack was carried out in waves. First, the attackers used their access to Twitter’s internal tools to take over accounts with unique usernames like @6, an account that once belonged to security researcher and hacker Adrian Lamo. The attack then hit the Twitter accounts of prominent leaders and cryptocurrency companies. The next wave included many of the most popular accounts, including those belonging to political leaders, industry titans and high-profile artists.
The messages were a version of a long-running scam in which hackers pose as public figures on Twitter and promise to match or even triple the funds sent to their Bitcoin wallets. But Wednesday’s scam was the first to use the genuine accounts of public figures.
The hackers received $120,000 of Bitcoin in 518 transactions worldwide, according to Chainalysis, a research company that tracks the movement of cryptocurrencies. Most of the victims had Bitcoin wallets associated with Asia, but about a quarter came from the United States, according to another cryptocurrency research firm, Elliptic.
Shortly after the money entered their wallet, the hackers began moving it in a complex pattern of transactions meant to obscure its source and make it harder to trace, Chainalysis found.
“He looks like computer skills, but not who uses the most complicated means to whiten the pieces,” said Jonathan Levin, Chainalysis’s chief strategy officer.
Twitter quickly deleted many of the messages, but in some cases similar tweets were sent again from the same accounts. The company disabled large sections of its service for hours.
“Difficult day for us on Twitter,” Dorsey tweeted Wednesday night. “We are all terrible.”
On Thursday, questions remained about what the attackers had done with their access. Area 1 Security, a cybersecurity firm, has documented an increase in spear-phishing emails sent from accounts posing as the same people targeted on Twitter, such as billionaire Bill Gates. The emails asked other people to send cash to the same Bitcoin wallet cited in the Twitter attack.
The breach raises important questions about how Twitter’s internal systems work and how hijacking an employee’s internal access can give an outside attacker carte blanche over some of the world’s best-known and most popular accounts.
In a blog post Thursday, a security expert who watched the hackers take control of an account the expert managed explained how a person with access to administrative tools can get into most Twitter accounts using a password reset feature. That approach was used in the account takeovers on Wednesday, according to two people close to the attack.
Security researchers also questioned why Twitter did not have stronger safeguards to monitor suspicious activity on employees’ accounts. Many companies have systems that alert them if an employee accesses sensitive data or changes the passwords and emails on many accounts in a short time, said Rachel Tobac, a leading hacker and executive of SocialProof Security, who works with companies to train for and test against social engineering to improve their security.
The company is rushing to determine the extent of the damage and whether there is more to come. Twitter officials said the company would tell the public as it learns more about the attack. But experts believe that, depending on how long the hackers had administrative access, there may be further fallout in store.
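The kind of alerting described above, sketched as an added example that is not from the article or from Twitter: it scans a constructed admin-panel audit log and flags an employee account that resets passwords or changes emails on several distinct accounts within a short window. The log format, employee and account names, and thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log (hypothetical format):
# ISO timestamp, employee login, admin action, target account.
AUDIT_LOG = """\
2020-01-01T09:00:05 emp_a reset_password acct_1001
2020-01-01T09:14:30 emp_a view_profile acct_1001
2020-01-01T11:30:12 emp_a change_email acct_1002
2020-01-01T14:01:10 emp_b change_email acct_2001
2020-01-01T14:01:40 emp_b reset_password acct_2001
2020-01-01T14:03:00 emp_b change_email acct_2002
2020-01-01T14:03:20 emp_b reset_password acct_2002
2020-01-01T14:05:02 emp_b change_email acct_2003
"""

# Actions that change who controls an account (assumed action names).
SENSITIVE = {"reset_password", "change_email"}

def detect_bursts(log_text, window=timedelta(minutes=10), threshold=3):
    """Alert once per employee who performs sensitive actions on at least
    `threshold` distinct accounts within `window`. Assumes time-ordered lines."""
    recent = defaultdict(deque)   # employee -> (timestamp, target) in window
    alerted, alerts = set(), []
    for line in log_text.strip().splitlines():
        ts_raw, employee, action, target = line.split()
        if action not in SENSITIVE:
            continue
        ts = datetime.fromisoformat(ts_raw)
        events = recent[employee]
        events.append((ts, target))
        # Drop events that have aged out of the sliding window.
        while ts - events[0][0] > window:
            events.popleft()
        targets = sorted({t for _, t in events})
        if len(targets) >= threshold and employee not in alerted:
            alerted.add(employee)
            alerts.append({"employee": employee, "alert_at": ts,
                           "accounts": targets})
    return alerts

if __name__ == "__main__":
    for alert in detect_bursts(AUDIT_LOG):
        print(alert["alert_at"].isoformat(), alert["employee"],
              "touched", ", ".join(alert["accounts"]))
```

Counting distinct target accounts rather than raw actions keeps a support agent who legitimately resets a password and then an email on one account from tripping the alert.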
“What you saw Wednesday is probably not the end of the incident,” said Alon Gal, technical director of Hudson Rock, a cybersecurity intelligence company that investigated the attack. “If they have access to personal messages, it’s not over.”
Nathaniel Popper contributed to the report.