Everything you need to know about the Twitter crypto scam that leveraged the big accounts of Elon Musk, Joe Biden, Apple and Barack Obama, among others.
Isn’t it the perfect money heist? We will tell you everything about it. But first, let’s talk about what has happened. Last night, hackers gained access to the Twitter accounts of prominent personalities including Elon Musk, Jeff Bezos and Bill Gates.
And what did they do?
They requested “donations” in cryptocurrency and promised to transfer double the amount back to the donors. It is believed that the people following these prominent personalities on Twitter lost in excess of $100,000 in a matter of hours. Let’s discuss how this even happened.
While the researchers are still looking at the timelines of the security breach, we know certain things for sure.
But how did this happen? Isn’t Twitter supposed to be secure?
Whether you are interested in cybersecurity or not, you’d know that internal employees of the company have more ‘admin’ rights than the users. In normal scenarios, these admin rights that the employees possess help them serve the users.
Imagine someone hacks your account; what would you do? You would contact Twitter support. Their employees would use magical powers and reinstate your account.
What are these magical powers? These are the administrator and super administrator rights or privileges that help Twitter employees manage user accounts and help them in case of mishaps.
Employees are humans. And cybersecurity errors at the human level are frequent.
So without further ado, let’s look at what happened.
From what we know right now, the hacker who goes by the name of ‘Kirk’ targeted Twitter employees for access to an internal tool.
Kirk, the hacker, had access to this internal tool on Twitter’s network. It allowed him to change the email addresses, and thus the passwords, of popular Twitter accounts.
How did Kirk get access to this tool? Well, like we said, it is an internal tool for Twitter employees. Kirk likely used a social engineering attack or phishing to target one or several Twitter employees and got to use their tool.
The hackers asked people to transfer money to different cryptocurrency accounts, and it looks like people have lost more than $100,000. These are initial figures, but we believe that the number could easily cross half a million, i.e. $500,000, in donations, given the number of followers. More importantly, we only know of a few accounts that have been hacked. More news will follow in the upcoming days.
Absolutely. Kirk and his partners would have spent weeks, if not months, planning this attack. Just look at the way the Tweets have been crafted. Every part of the Tweet serves a purpose and has been written carefully.
From evoking the community angle to doubling the money, and from choosing the language of the public figures to imposing a 30-minute deadline before Twitter could act or regain control. In fact, the hackers even changed the recovery email addresses to delay the process. From learning how the internal admin tool works to figuring out Bitcoin storage, this kind of social engineering breach could easily take 5-6 months of planning.
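As an added illustration of the defender’s side (not from the original post, and not Twitter’s own tooling), the following Python flags an operator of a hypothetical internal admin tool who rewrites the email and recovery email of several high-follower accounts within one short window, which is the pattern described above; the audit-log format, field names, operator ids and sample entries are all constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log for a hypothetical internal account-admin tool.
# The format, field names and operator ids are assumptions for this example.
AUDIT_LOG = """\
2020-07-15T20:01:10Z op=emp42 action=change_email account=musk followers=36000000
2020-07-15T20:03:44Z op=emp42 action=change_recovery_email account=musk followers=36000000
2020-07-15T20:05:02Z op=emp42 action=change_email account=gates followers=50000000
2020-07-15T20:05:30Z op=emp42 action=change_recovery_email account=gates followers=50000000
2020-07-15T20:07:12Z op=emp42 action=change_email account=bezos followers=1500000
2020-07-15T14:10:00Z op=emp07 action=change_email account=alice followers=120
2020-07-15T16:40:00Z op=emp07 action=change_email account=bob followers=9500
"""

# Actions that let an operator take over the credentials of an account.
SENSITIVE_ACTIONS = {"change_email", "change_recovery_email"}

def parse_log(text):
    """Parse the key=value audit lines into dicts, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        ts, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields)
        ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        ev["followers"] = int(ev["followers"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def detect_account_takeover_bursts(events, window=timedelta(minutes=30),
                                   min_accounts=2, min_followers=1_000_000):
    """Return (operator, window_start, accounts) for operators who rewrote the
    email or recovery email of several high-profile accounts inside one window."""
    per_op = defaultdict(list)
    for ev in events:
        if ev["action"] in SENSITIVE_ACTIONS and ev["followers"] >= min_followers:
            per_op[ev["op"]].append(ev)
    alerts = []
    for op, evs in per_op.items():
        for i, start in enumerate(evs):  # evs is already time-ordered
            in_window = [e for e in evs[i:] if e["ts"] - start["ts"] <= window]
            accounts = sorted({e["account"] for e in in_window})
            if len(accounts) >= min_accounts:
                alerts.append((op, start["ts"], accounts))
                break  # one alert per operator is enough to page on
    return alerts

if __name__ == "__main__":
    for op, when, accounts in detect_account_takeover_bursts(parse_log(AUDIT_LOG)):
        print(f"ALERT operator={op} window_start={when:%H:%M} accounts={accounts}")
```

Ordinary support work on low-follower accounts (emp07 above) never trips the rule, while one operator touching several celebrity accounts back to back does.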
There is no doubt that Twitter is embarrassed. It is unlikely that an employee was a willing part of the hack. Jack Dorsey has already released a statement, and their team is constantly looking into the matter. It is a security mishap for sure, and Twitter could have handled it better.
However, we cannot remove human error from the equation. We believe that Twitter and other companies will learn from this and improve on the lessons.