
Twitter is investigating whether hackers bribed an employee to get access to the world's most powerful accounts as more signs point to 'inside job' in catastrophic breach

Twitter is now investigating whether an employee could have been bribed into assisting in a massive security breach, as the company reveals at least 130 accounts were compromised, many of them high-profile.
Wednesday's breach was among the largest ever on a social media site, affecting the accounts of former President Barack Obama, Joe Biden, and other well-known figures on a massive scale.
After discovering that the hackers used Twitter's own administrative tools to perpetrate the attack, the company is now investigating whether an employee was tricked into turning over their credentials, or bribed into cooperating, according to the New York Times.  
Individuals claiming responsibility for the attack previously told Motherboard that they had paid off a Twitter insider to help carry out the attack, sharing screenshots of a Twitter admin panel to back up their claims.
Twitter CEO Jack Dorsey has said that Wednesday was a 'tough day' for the company, adding 'We all feel terrible this happened'

'We used a rep that literally done all the work for us,' one of the alleged hackers told the outlet.
On Thursday, Twitter revealed in a statement that more than 100 accounts were targeted in the attack, though not all were used to post scam messages soliciting Bitcoin transfers to a wallet controlled by the hackers.
'Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident,' the company said.
'For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.'
The company said it is continuing to assess whether non-public data related to the targeted accounts was compromised, and that it will provide updates if that occurred. 
Twitter CEO Jack Dorsey has said that Wednesday was a 'tough day' for the company, adding 'We all feel terrible this happened.' Twitter shares dropped 1 percent on Thursday.
The FBI said Thursday it is investigating the hacks, and said the high-profile accounts 'appear to have been compromised in order to perpetuate cryptocurrency fraud.'
The ruse discovered Wednesday included bogus tweets from Obama, Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. 

Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.
Twitter has said the hackers used 'social engineering' to target some of the company's employees and then gained access to the accounts. 
The term refers to taking advantage of human nature via psychological manipulation. It can refer to tricking people into downloading malicious software or compromising them by offering something in return for information. Twitter did not say how its employees were compromised.
The attackers sent out tweets from the accounts of the public figures, offering to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.
Cybersecurity experts say such a breach could have dire consequences since the attackers were tweeting from verified, globally influential accounts with millions of followers.
'If you receive a tweet from a verified account, belonging to a well-known and therefore trusted person, you can no longer assume it's really from them,' said Michael Gazeley, managing director of cybersecurity firm Network Box.
Reacting to the breach, Twitter swiftly deleted the tweets and locked down the accounts to investigate. In the process it prevented verified users from sending out tweets for several hours.
The company said Thursday it has taken 'significant steps to limit access to internal systems and tools.' User passwords did not appear to have been compromised, Twitter said, so it's not necessary for users to reset them.
Many celebrities, politicians and business leaders often use Twitter as a public platform to make statements. President Donald Trump, for example, regularly uses Twitter to post about national and geopolitical matters, and his account is closely followed by media, analysts and governments around the world. 
The White House said Thursday his account was secure and wasn't jeopardized by the hacks.
Twitter faces an uphill battle in regaining people's confidence, Gazeley said. For a start, it needs to figure out exactly which accounts were hacked and show the vulnerabilities have been fixed, he said.
'If key employees at Twitter were tricked, that's actually a serious cybersecurity problem in itself,' he said. 'How can one of the world's most used social media platforms have such weak security, from a human perspective?'
Rachel Tobac, CEO of Socialproof Security, said that the breach appeared to be largely financially motivated. But such an attack could cause more serious consequences.
'Can you imagine if they had taken over a world leader's account, and tweeted out a threat of violence to another country's leader?' asked Tobac, a social engineering hacker who specializes in providing training for companies to protect themselves from such breaches.
Tobac said companies can guard themselves against such attacks by beefing up multi-factor authentication - where users have to present multiple pieces of evidence as authentication before being allowed to log into a system.
Such a process could include having a physical token that an employee must have with them, on top of a password, before they can log into a corporate or other private system. Other methods include installing technical tools to monitor for suspicious insider activities and reducing the number of people who have access to sensitive data, Tobac said.
This week's case follows last year's federal investigation of two former Twitter employees charged with spying on users for the Saudi government.
Several U.S. lawmakers called on Twitter to cooperate with authorities including the Department of Justice and the FBI to secure the site after the latest breach.
'I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself,' said Sen. Josh Hawley, a Missouri Republican.
He added that millions of users relied on Twitter not just to send tweets but also to communicate privately via direct messaging. Twitter hasn't said if hackers were able to access the private messages of their high-profile targets.
Oregon Democratic Sen. Ron Wyden said Twitter CEO Jack Dorsey told him in a private conversation in 2018 that the company was working on protecting direct messages, known as DMs, with end-to-end encryption.
But that promise never materialized, Wyden said Thursday, leaving everyone's private messages 'vulnerable to employees who abuse their internal access to the company's systems, and hackers who gain unauthorized access.'
'This is a vulnerability that has lasted for far too long, and one that is not present in other, competing platforms,' Wyden said in an emailed statement. 'If hackers gained access to users' DMs, this breach could have a breathtaking impact, for years to come.'

3 comments:

  1. Hackers took screenshots of Twitter's censorship tools, proving Twitter is lying about censorship and instead has a detailed control panel admins use to clandestinely destroy or boost accounts. Nothing there reflects true public will or what would really be popular at all if left alone. The only surviving capture has mundane censorship tools that are enough to support the story line but not enough to really anger the public. The more complete screen caps showed a precision censorship engine that even allowed percentages.

    To immediately provide blanket protection to those sending tweets that proved Twitter was allowing elite criminals to collaborate their efforts with regard to the corona scam and a LOT MORE, Twitter shut down all verified accounts which would hold people accountable to what the hackers found. Twitter obviously did this to protect criminal interests.
    The bottom line is that Twitter is actively assisting those who are seeking to destroy the United States by providing them with a private communications platform that allows them to all connect perfectly, while at the same time, Twitter is destroying those who are attempting to save the United States by stifling and destroying communications. The genie is out of the bottle. It is not a mystery or anything they can lie their way out of anymore.

    The initial stories about this incident, the hackers made records of the private tweets of the top elite criminals and threatened to make them public if a bitcoin payoff was not made. That was the original story and it has now changed for obvious reasons.

    The control panel proved passwords are irrelevant to twitter admin, they just back door into anything they want, password free and that is what allowed the hackers to get into everything. And worse, if Twitter is now proven to be such an outfit, what about the rest of silicon valley? Twitter has obviously been the cleanest of them all, SO WHAT ABOUT THE REST?
    Jack Dorsey LIED to Congress!

  2. Twitter is 'investigating' something? Twitter? That's as absurd as Fakebook investigating something (anything). If either of them happened to stumble across the truth about something (anything), they'd do their level best to bury it, or, failing at that, to twist and distort it, and then to publish it far and wide in its twisted and distorted state.

  3. We can help you begin making a lot of cash using this wonderful twitter marketing resource. Follow LinkW88moinhat on Twitter
