The Great Hack of Twitter Admins: How, Why, and Who?
by Jim Lundy
Yesterday, Twitter was attacked in what is called an advanced persistent threat attack. In this case, users were targeted and their accounts were taken over, including the accounts of many high-profile celebrities. Some of the compromised users were even Twitter administrators, who have sophisticated tools for managing users inside the Twitter platform. This blog discusses the hack, how it happened, and who the responsible parties might be.
Twitter Admins and the Big Hack
Ten years ago, Google admins were hacked badly, and many believed that Chinese hackers were to blame. Admin accounts are popular targets because they give attackers a foothold inside the network. Often, compromising an admin account requires a more sophisticated attack—an advanced persistent threat (APT).
While Twitter is not disclosing how the hack took place, we know that getting into an admin account requires multi-factor authentication, which is why it will eventually come out that the attackers used an APT approach to deceive the admins into giving out their passwords.
It is still unclear if the hackers had help from the inside or not. Twitter continues to investigate the breach.
The Bitcoin Angle and the Hackers
The attackers used the high-profile accounts to push a bitcoin scam, asking users to send money to a bitcoin address with the promise of receiving double the amount back. They succeeded in stealing over $100,000 in bitcoin value, but their unsophisticated approach to the blockchain may have left traces that will seal their fate.
Although the attackers used a series of proxies, Reddit users and other interested parties managed to trace the hack to a set of bitcoin exchanges, notably Coinbase and BitMEX. One user who had sent a transaction through the network was even identified. Brave users will hopefully continue to help identify who this anonymous user was, which will probably lead to the group of people that pulled off the hack. Major cryptocurrency exchanges may also be able to query their records to help Twitter identify the source of the breach.
The Lessons Learned
Twitter needs to shore up its security and ensure that engineered attacks of this kind can be thwarted. Often, when this type of attack occurs, a security incident response team is brought in. Another option is to leverage security-focused privacy platforms such as BlackFog, which can help thwart the theft of user data from both good and bad sites.
Ultimately, the story of the Twitter hack shows that even the biggest tech giants have a long way to go in terms of network security. This hack should be a wake-up call to any business that manages large volumes of user data. At the same time, the lack of subtlety in the hackers’ bitcoin-scamming methods may help authorities track them down. At the end of the day, Twitter’s hack shows that no business or social media platform is completely safe from advanced persistent threats, and that steps need to be taken to ensure the security and privacy of users on social media websites.