The Epic Twitter Hack Was Caused By Social Engineering

I’ll give Twitter points for coming clean on what happened yesterday, when verified Twitter accounts were taken over to promote cryptocurrency scams. I am not sure it will make anyone feel better, but let’s start with what actually happened. Twitter posted a series of Tweets describing how this epic hack took place:

So in short, they got pwned not because of a bug in Twitter, but because of a social engineering attack. Which once again proves that the weakest link in IT security is the humans. Companies need to do training and put countermeasures in place to make sure that they don’t become the next victim of something like this. Or worse.

Besides the above, you have to ask what else these hackers got access to. Twitter doesn’t know, which is why they are still investigating. And I hope for their sake that their investigation is comprehensive, as I wouldn’t want these miscreants floating around my network to cause trouble at a later date. So consider this story to be far from over. Something that Max Heinemeyer, Director of Threat Hunting at Darktrace, agrees with:

This attack is unprecedented in both its targets and the serious level of widespread access. There is strong evidence to suggest that the attackers gained access into Twitter’s back-end systems, theoretically granting them access to any Twitter account – even that of a US president.

Despite this level of access, we cannot assume this is the work of a nation state: many cyber-criminals today have access to tools and techniques once reserved for state-sponsored attacks. The hack used automation, was well-organised, and targeted selected accounts for maximum impact. The money is already being moved from the initial Bitcoin wallet to make tracking harder.

These perpetrators may be financially motivated and conducting a smash-and-grab attack, but that does not mean the damage done ends with the Bitcoin scam. While Twitter put all hands-on-deck to deal with prominent individuals’ accounts, it is unclear what other nefarious activities the attackers have done behind the scenes – e.g. stealing direct messages between high-profile individuals to use them later for extortion or other crime.

In the run up to the US presidential election we can expect to see assaults of this kind become the ‘new normal’. The story is far from over.
