Hack from within has Twitter scrambling
As forensic investigators at Twitter hurried Wednesday to discover the origin of one of the worst hacks in the company’s history, the team came to a startling conclusion: The hack was coming from an account inside the house.
But even by Thursday afternoon, 24 hours after hackers pushed a Bitcoin scam from the accounts of political leaders like former Vice President Joe Biden and industry titans like Elon Musk, the company’s researchers were still struggling to nail down many other basic aspects of the breach, including whether an employee had been complicit. The company was also still sorting out how many accounts were affected and whether the attackers had gained access to details within the accounts, such as private messages.
A few things were certain. Investigators knew that at least one employee’s account and credentials were taken over and used to gain access to an internal dashboard, allowing the infiltrator to control most Twitter accounts, according to two people briefed on the company’s investigation. They would speak only anonymously because the investigation was still underway.
Yet many of the details remained unclear, the people said. Investigators were still trying to determine if the hackers tricked the employee into handing over login information. Twitter suggested Wednesday that the hackers had used “social engineering,” a strategy to gain passwords or other personal information by posing as a trusted person like a company representative. But another line of inquiry includes whether a Twitter employee was bribed for their credentials, something one person who claimed responsibility for the hack told the technology site Motherboard.
The FBI said it was looking into the hack.
“At this time, the accounts appear to have been compromised in order to perpetuate cryptocurrency fraud,” the agency said in a statement. “We advise the public not to fall victim to this scam by sending cryptocurrency or money in relation to this incident.”
Twitter said in a statement, “We’ve taken steps to further secure our systems and will continue to share what we learn through our investigation.”
The attack raised questions about election security, especially since political leaders were among those attacked. If the messages sent by hackers were political in nature instead of a financial scam — perhaps about closed polling sites on Election Day — that could manipulate turnout.
President Donald Trump’s account was not affected by the breach, Kayleigh McEnany, the White House press secretary, said Thursday.
The Senate Select Committee on Intelligence said it would request information from Twitter about the hack.
“The ability of bad actors to take over prominent accounts, even fleetingly, signals a worrisome vulnerability in this media environment, exploitable not just for scams but for more impactful efforts to cause confusion, havoc and political mischief,” said Sen. Mark Warner, D-Va., the vice chairman of the committee.
The hackers received $120,000 worth of bitcoins in 518 transactions from around the world, according to Chainalysis, a research company that tracks the movement of cryptocurrencies. Most of the victims had Bitcoin wallets associated with Asia, but about a quarter came from the United States, according to another cryptocurrency research firm, Elliptic.
Soon after the money came into their wallet, the hackers began moving it in a complicated pattern of transactions that would help obscure its source and make it harder to track, Chainalysis found.