Hackers Tell the Story of the Twitter Attack From the Inside
If you’re a twitter user, twitter got hacked.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.— Support (@Support) July 15, 2020
The accounts of several high profile people like Elon Musk, Bill Gates, Warren Buffet, Barack Obama, Kanye West (no word yet on if this hack had anything to do with his failed Presedential bid 1), and several cryptocurrency accounts all tweeted out a variation of this:
Twitter went nuts.
These type of tweets were still coming through and nothing was stopping. Users were clamoring for twitter to shut down. And it did for some people. Verfied users, users with a blue check mark that twitter gives users who are influential in some way and have proved they are who they say they are, weren’t allowed to tweet for about 20 minutes while twitter figured out what was happening.
Speculation abounded. Who was behind this? Was it the Russians? Could they influence the 2020 election cycle like they did in 2016?
The interviews indicate that the attack was not the work of a single country like Russia or a sophisticated group of hackers. Instead, it was done by a group of young people — one of whom says he lives at home with his mother — who got to know one another because of their obsession with owning early or unusual screen names, particularly one letter or number, like @y or @6.2
Luckily, the hackers only got away with $118,000 in bitcoin. While not nothing, we’re lucky they only got some money and didn’t start a global war.
So how did they do it?
Twitter’s investigation into the breach revealed that several employees who had access to internal systems had their accounts compromised in a “coordinated social engineering attack,” a spokesman said, referring to attacks that trick people into giving up their credentials. The attackers then used Twitter’s internal systems to tweet from high-profile accounts like Mr. Biden’s.
I’m privacy paranoid. I use 1Password to generate random passwords and use Two-Factor Authentication for as much as I can. But social engineering is some crazy stuff.3 I’d like to think I’m immune but it can happen to anyone.