Friday, July 17, 2020

Twitter Hack Highlights Security Concerns

This month the theme at Ethics Forum has been personal privacy and Big Tech. On Thursday, July 16, Twitter announced that 130 Twitter accounts were hacked in what constitutes one of the biggest security breaches of the social media platform.

The accounts that were hacked include high profile figures such as Barak Obama, Joe Biden, and Elon Musk.

Twitter reported, “For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.”

The first public signs of the intrusion came around 3 PM EDT on Wednesday, when the Twitter account for the cryptocurrency exchange Binance tweeted a message saying it had partnered with “CryptoForHealth” to give back 5000 bitcoin to the community, with a link where people could donate or send money.

The hack actually began on Tuesday night, when several verified Twitter accounts began tweeting out posts asking users to send them money through bitcoin. The hackers targeted employees with access to internal systems and tools in what the company described as a successful “coordinated social engineering attack.” The hackers raised the equivalent of over $115,000.
There is evidence that this attack was perpetrated by individuals who have specialized in hijacking social media accounts via “SIM swapping,” an increasingly rampant form of crime that involves bribing, hacking or coercing employees at mobile phone and social media companies into providing access to a target’s account.

KrebsOnSecurity reports a security source at one of the largest U.S.-based mobile carriers, who said the “j0e” and “dead” Instagram accounts are tied to a notorious SIM swapper who goes by the nickname “PlugWalkJoe.” Investigators have been tracking PlugWalkJoe because he is thought to have been involved in multiple SIM swapping attacks over the years that preceded high-dollar bitcoin heists.

Twitter has made this statement: "We have also been taking aggressive steps to secure our systems while our investigations are ongoing. We’re still in the process of assessing longer-term steps that we may take and will share more details as soon as we can."

Twitter removed any tweets across its platform that included screenshots of its internal tools, and in some cases temporarily suspended the ability of those accounts to tweet further.

Another Twitter account — @shinji — also was tweeting out screenshots of Twitter’s internal tools. Minutes before Twitter terminated the @shinji account, it was seen publishing a tweet saying “follow @6,” referring to the account hijacked from Lucky225.

No comments: