Latest in a long line of cyber attacks and blunders that have dogged the microblogging site

From the company boss to the president, the firm has been exposed many times, writes Hasan Chowdhury

The Daily Telegraph - Business - Technology Intelligence

The attack was on a scale previously unseen by Twitter. On Wednesday, the accounts of some of its highest profile users, including Joe Biden, Elon Musk, Jeff Bezos, Apple, Uber and others, fell prey to a Bitcoin scam.

For the social media firm, which blamed a “coordinated social engineering attack”, the breach represents a nightmare. “This raises major concerns because it indicates the internal security practices have not caught or prevented this from occurring,” says Joseph Carson, chief security scientist at Thycotic.

But it is not the first instance of security failure. Twitter has a long history of them going back years.

Jan 2015 – US pledges allegiance to IS

In the most unlikely of pairings, the Twitter account for the US Central Command was hacked in 2015.

Its header image was replaced with a picture labelled “cyber caliphate”, while the main image was replaced with that of a militant.

The account, representing a critical division of the US Department of Defence, also tweeted out a message that threatened attacks on other members of the US military.

At the time, the hack was described as an “act of vandalism” as no sensitive information had been compromised.

Though it was unclear how the breach took place, cyber security experts pointed to the usual methods, such as social engineering, which may have involved an official looking after the account being tricked into sharing login credentials.

July 2016 – Jack Dorsey; passwords in the ether

In the summer of 2016, Jack Dorsey, the Twitter chief executive, found out the hard way that even he could be hacked. A security firm, known as OurMine, had hacked into the Twitter chief’s account and tweeted out a message to say that it was “testing your security”, along with a video promoting the company’s website.

The timing of the affair was key. It took place just one month after the company was forced to lock down a series of accounts after millions of passwords had been leaked online for sale. Twitter claimed at the time that the passwords had not been obtained through a weakness in its own systems, but appeared to have been harvested by malware that had hit more than 20m people.

November 2017 – Donald Trump deactivated

Just one year into his presidency, Donald Trump found himself locked out of his favoured social network. His account was deactivated for approximately 11 minutes at the hands of Bahtiyar Duysak, a “rogue” worker who pulled the stunt on his final day as a contractor for the firm.

The incident, which Duysak later claimed was a “mistake”, raised concerns among security officials about the extent to which even lower-level personnel had access to the controls of more sensitive accounts. “One might think that’s maybe too much access for a low level contractor,” says George Glass, head of threat intelligence at Redscan.

November 2018 – support forms exposed

Support forms on Twitter are used by account holders to contact the company and raise any issues they might be experiencing. But in November 2018, an issue with the support form system meant people could discover the country code of the phone number tied to an account, if it had one. Though the issue was resolved in a day and affected users were informed, the incident had exposed “unusual activity”: a large number of support inquiries coming from individual IP addresses located in China and Saudi Arabia.

Twitter could not confirm the reason for the requests, but said it was possible some of the addresses “may have ties to state-sponsored actors”, raising concerns about attacks on the service.
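The two weaknesses in this episode, an unauthenticated form whose response depends on what is tied to the account, and no alarm on bulk lookups from a single address, can be shown in a few lines. The Python below is an added illustration written for this article, not Twitter’s code; the account table, the abbreviated dialling-code map and the log lines are constructed, and the threshold of five distinct usernames per minute is an arbitrary choice for the demonstration.

```python
"""Support-form oracle and per-IP enumeration detection.

Added example, not Twitter's code. ACCOUNTS, COUNTRY_CODES and SAMPLE_LOG are
constructed for illustration; the detection threshold is arbitrary.
"""
from collections import defaultdict

# Constructed account table: username -> phone number in E.164 form, or None
# when no phone is tied to the account.
ACCOUNTS = {
    "alice": "+14155550101",    # US
    "bob":   "+966501234567",   # Saudi Arabia
    "carol": "+8613800138000",  # China
    "dave":  None,
}

# Assumed, abbreviated dialling-code table (real country codes are 1-3 digits).
COUNTRY_CODES = {"1": "US/CA", "44": "GB", "86": "CN", "966": "SA"}


def country_code_of(phone):
    """Return the dialling-code prefix of an E.164 number, or None if unknown."""
    digits = phone.lstrip("+")
    for width in (3, 2, 1):          # longest match first
        if digits[:width] in COUNTRY_CODES:
            return digits[:width]
    return None


def support_form_leaky(username):
    """Vulnerable: the pre-filled form differs by account, so an unauthenticated
    caller learns whether a phone is attached and which country it is in."""
    phone = ACCOUNTS.get(username)
    if phone is None:
        return {"phone_hint": ""}
    code = country_code_of(phone) or "?"
    return {"phone_hint": "+" + code + " ***"}


def support_form_fixed(username):
    """Hardened: the response is identical for every username; any phone
    details are shown only inside an authenticated session, never here."""
    return {"phone_hint": ""}


# Constructed support-form access log: "<epoch seconds> <client ip> <username>".
SAMPLE_LOG = """\
1543000000 198.51.100.2 alice
1543000004 203.0.113.7 user0001
1543000005 203.0.113.7 user0002
1543000007 203.0.113.7 user0003
1543000009 203.0.113.7 user0004
1543000011 203.0.113.7 user0005
1543000013 203.0.113.7 user0006
1543000030 198.51.100.2 alice
1543000031 198.51.100.2 alice
1543000900 203.0.113.7 user0007
"""


def parse_log(text):
    """Parse log lines into (timestamp, ip, username) tuples, skipping junk."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        entries.append((int(parts[0]), parts[1], parts[2]))
    return entries


def flag_enumeration(entries, window_s=60, max_distinct=5):
    """Flag IPs that look up more than max_distinct distinct usernames within
    any window_s-second sliding window. Returns {ip: peak distinct usernames}."""
    per_ip = defaultdict(list)
    for ts, ip, user in entries:
        per_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in per_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window_s:
                start += 1
            distinct = len({user for _, user in events[start:end + 1]})
            if distinct > max_distinct:
                flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged


if __name__ == "__main__":
    print("leaky:", support_form_leaky("bob"), support_form_leaky("dave"))
    print("fixed:", support_form_fixed("bob"), support_form_fixed("dave"))
    print("flagged:", flag_enumeration(parse_log(SAMPLE_LOG)))
```

The hardened handler removes the oracle rather than rate-limiting it, because rate limits only slow enumeration; the per-IP check is what turns the “unusual activity” described above into an alert, and in practice would be run over the real access log with the threshold tuned to normal support traffic.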

August 2019 – Twitter chief exposed (again)

Last year, Twitter boss Dorsey found, yet again, that he was in no way immune to malicious actors.

Multiple tweets from his account included profanity, racial slurs and adulation for Adolf Hitler as it was targeted by a group calling itself the “Chuckling Squad”. The account was recovered within 30 minutes, but it was the latest case of a simple but effective attack known as SIM hijacking.

“The phone number associated with the account was compromised due to a security oversight by the mobile provider,” Twitter said at the time, adding that this had allowed an unauthorised person to compose and send tweets via text message.

Professor Alan Woodward, computer security expert at Surrey University, says the hack involves a simple call to a phone company to “convince them that you’ve got another SIM” and get a known number transferred to the new SIM.

“It turned out Twitter up to that point had a way of doing password reset via SMS,” he says.

July 2020 – Bitcoin scam

This latest incident is fundamentally different, says Thycotic’s Carson. “The previous ones are basically single account targets, it was targeting the account holder themselves,” he says. “This particular case could have potentially harmed all accounts… it seems to get into the actual internal back end systems, that’s the concern.”

Though the accounts have now returned to normal, the episode shows that Twitter is still vulnerable.

Donald Trump’s Twitter account was temporarily deactivated
