Questions remain as dust settles on platform’s biggest security breach

The Daily Telegraph - Business - Technology Intelligence - HANNAH BOLAND

Twitter was struck by an unprecedented hack on Wednesday night that saw scores of high-profile accounts, from Barack Obama and Joe Biden to Elon Musk and Kanye West, compromised.

While it is clear that ultimately hackers managed to hijack internal Twitter systems and tools to gain access to “verified” accounts and promote their classic Bitcoin scam, details of the breach still remain murky. In the wake of the attack, Twitter signalled its systems had some role to play, saying it had taken “significant steps to limit access to internal systems and tools”.

It said there had been a “coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.

“We know they used this access to take control of many highly visible (including verified) accounts and Tweet on their behalf.”

Much speculation, though, has centred on exactly how hackers gained access to these tools, which could be used to control the accounts of some of the most followed people on their site.

One potential answer is that Twitter has shifted many of its staff to remote working, which brings increased risks. A survey from security firm Exabeam out this week suggested that 74pc of companies had experienced “slightly to considerably more” cyberattack attempts since the Covid-19 outbreak.

“Companies are grappling with the security fallout from an unexpected shift to remote work, but it’s business as usual for cybercriminals and foreign adversaries with unprecedented opportunity,” Steve Moore, the chief security strategist at Exabeam, said.

Yet, in this latest hack, others claimed there was a far simpler answer: that the hackers paid a Twitter employee.

Motherboard, a website owned by Vice, cited leaked screenshots in which hackers alleged they had used an employee that “literally done all the work for us”. Twitter told Motherboard it was still investigating whether or not an employee hijacked the accounts or gave the hackers access to the tools.

This would not be the first time Twitter has had to deal with talk of rogue employees.

In 2017, one of its customer support employees deleted president Donald Trump’s account on their last day, sparking concern among security experts. Twitter later launched an internal review.

Meanwhile, last November, two ex-employees were charged with spying for Saudi Arabia.

At the time, the company said it “recognised the lengths bad actors will go to try and undermine our service” and that it “understands the incredible risks faced by many who use Twitter to … hold those in power accountable”.

Almost all the people targeted in this week’s attack were “verified” users, meaning they had blue ticks next to their names and were well-known names or brands.

What is not clear is why particular accounts were chosen over others. By and large, it appears the hackers were going after accounts with large followings or those with connections to cryptocurrency.

Yet, the question remains: why were names such as Kanye West and Elon Musk hacked over names like Donald Trump? Why did Lady Gaga and Taylor Swift escape, over Wiz Khalifa, who has less than half their following?

Some may argue it is down to the security of those accounts, but Bitcoin billionaire Cameron Winklevoss says this is not the case.

On Twitter on Wednesday night, he wrote that the account for his company Gemini, which also fell victim to the attack, had been equipped with two-factor authentication and a strong password.

The aim of the attack appears to have been to get users to put cash into a Bitcoin wallet – although how successful that was remains unclear. Reports suggested just over $100,000 (£79,000) had been deposited into the accounts on Wednesday evening, but many cyber-criminals also put their own money into the wallet to make the scheme seem legitimate.

However, it is not yet clear if this is the end. After all, the hackers appeared able to gain control of many high-profile accounts, which could mean their private messages and data could have been compromised.

Max Heinemeyer, the director of threat hunting at cyber firm Darktrace, said the “perpetrators may be financially motivated and conducting a smash-and-grab attack, but that does not mean the damage done ends with the Bitcoin scam.

“While Twitter put all hands on deck to deal with prominent individuals’ accounts, it is unclear what other nefarious activities the attackers have done behind the scenes – eg stealing direct messages between high-profile individuals to use them later for extortion or other crime,” he warned.
