July 21, 2020

Tweets Ahoy! Coining the Bits

Yet again cyber criminals manage to pull off one of the most daring bitcoin heists of all times by impersonating celebrities. How much exactly should you as a user be worried?

Tweets Ahoy! Coining the Bits

Tweeting away your thoughts this fine day? Take care as you might as well be a value target for a cyber attacker, lurking somewhere between the threads, in for a quick bitcoin heist! Regardless of whether or not you are somebody who leverages twitter for business or recreational purposes, the worst, with respect to your online social media security and well being, has already come to pass. More so, this falls in line with predictions of our BroBot the Loon (your dedicated Cyber Astrologer). Earlier this year, in the month of April itself, BroBot had predicted that a plethora of cybercrimes was on its way, provided the massive shift towards digital space in the wake of Wuhan Virus Pandemic.

BroBot the Loon

Twitter, as we know it, is the world’s leading microblogging website with over 330 Million users worldwide apart from being one of the most “secure” systems around. The site boasts an elaborate cybersecurity infrastructure, a dedicated cybersecurity team, and excellent end-user protection mechanisms like two/multi-factor authentications, advanced encryptions, etc. However, if despite all that hackers are able to penetrate the system and gain control of accounts of celebrities, then it is certainly something that should ring bells.

What exactly happened?

Last Wednesday, ambiguous and out of line tweets started appearing from twitter handles belonging to high profile celebrities like Former US President Barack Obama, Democratic candidate for presidential elections Joe Biden, musician Kanye West, Microsoft CEO Bill Gates, and Tesla CEO Elon Musk. The tweets promised that Bitcoin payments sent to a specific (mentioned) address would be doubled.

Since the tweets originated from verified celebrity accounts, people readily believed them and the hackers managed to pull off a handsome $120,000.

For instance, this tweet comes from Elon Musk’s official account that had been hacked:

Elon Musk's Official Twitter Handle

And this one emanated from the official account of Former US President Barack Obama-

Barack Obama's Official Twitter Handle

Another similar tweet came from the account of American Rapper Wiz Khalifa-

Wiz Khalifa's Official Twitter Handle

As you can notice, the same bitcoin account address has been provided in each of the tweets, thus indicative of the attack having been carried out by a single organization. While Twitter, upon being alerted, tried to take these tweets down initially, several of them reappeared. Finally, Twitter had no option but to lock down the concerned accounts.

The incident has thus far claimed the fortunes of some 375 gullible victims which the hackers have been quick to move and distribute across their mixing / rationalization / laundering channels.

A total of 130 accounts have reportedly been compromised with hackers having gained extended control of at least 45 of them by resetting passwords. Hackers have also downloaded the information belonging to 8 of these accounts via the “Your Twitter Data” tool.

Delivering the blows

One thing that we know for sure is that Twitter’s own internal tools have been leveraged to gain entry into the victims’ accounts. Cybersecurity specialists associated with Twitter believe the attackers had gained access to password resetting tools generally available to Twitter employees via systematic “social engineering” attacks. The Email addresses associated with the accounts in question were changed, thus allowing the hackers to receive the “password reset links”.

Social Engineering is a type of cyberattack carried out by deceiving the victim and manipulating him/her into divulging confidential information.

Skeptics, however, have been pointing at a fowler play with some sources claiming that the hackers were able to convince a Twitter employee to help them. Mind you these speculations are based on chat messages that have “apparently” been doing rounds within the hacker brotherhood, which in turn invites another set of speculations. Initially brought to light by Media outlets Motherboard (digital tech wing of Vice) and New York Times who claim to have established contact with the hackers.

The Response

So far, Twitter has not been able to ascertain which of its employees has played the mole, whether willingly or unknowingly, although the investigation process continues. Additionally, the microblogging giant claims it is looking into what other malicious activity the hackers may have conducted or information they may have accessed. Functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), has been restricted.

As an added measure Twitter has temporarily disabled the “reset password” facility for all accounts and steps have been taken to lock any account that had attempted to change the password during the past 30 days.

Twitter Support

The feature that allowed the users to download Twitter data stands suspended too. Twitter has claimed it will be aggressively beefing up its security measures and access that employees have by automating certain security-related processes.

Drawing Lines

Twitter’s incident response team secured and revoked access to internal systems to prevent the attackers from further accessing systems or individual accounts. Further details into the incident and remediation steps are being deliberately withheld as of now to protect their effectiveness. We can expect more technical details, in the future.

The Road Ahead

As of now, the core objectives roadmap laid out by Twitter involves but is not limited to:

  • Restoring access for all account owners who may still be locked out as a result of remediation efforts.
  • Continuing investigation of the incident and cooperating with law enforcement.
  • Securing systems to prevent similar future attacks.
  • Rolling out company-wide training to guard against social engineering tactics to as an add on to the training employees receive during onboarding.
Its Frustrating, Isn't it?

Conclusion and Analysis

So to sum all that up, whatever happened was unscrupulous, cowardly and utterly disheartening. No one had expected it could actually come to this and we hope Twitter gets over this soon. On a different note, ladies and gentlemen, this incident highlights the dire need for Cyber Awareness and Cybersecurity implementations within networks.

“Cybersecurity is a Human Problem, the person at the keyboard is the weakest link in any system.”

To be honest, Social Engineering attack is a "fool's trap" when defined in the best of terms. It doesn't take much intelligence, innovation or sophisticated skills on part of the attacker to be carried out and generally targets people with acute forbidden weaknesses. Weaknesses like Fear, Lust, Anger, and mostly Greed (like in this case itself) that can cause your otherwise sane mind to react out of line. The best way to stay safe in such cases is to stay doubly alert and focused. Any incoming piece of text that captures your attention, remember the golden rule-

“Doubt First and Trust Later!”

BhaiFi remains ever committed to your online safety, security, and well being. Cheers and Happy Reading! Stay Safe!