• Welcome to the Internet Infidels Discussion Board.

Twitter Cracked by Scammer

lpetrich

Barack Obama, Joe Biden, Elon Musk, Apple, and others hacked in unprecedented Twitter attack - The Verge
The scams appear to be part of a widespread hacking operation affecting multiple accounts

The Twitter accounts of major companies and individuals have been compromised in one of the most widespread and confounding hacks the platform has ever seen, all in service of promoting a bitcoin scam that appears to be earning its creator quite a bit of money.
Twitter's management took the drastic step of blocking new tweets from every verified user, and locking every compromised account.
On Wednesday evening, the company revealed that its own internal employee tools were compromised and used in the hack, which may explain why even accounts that claimed to have two-factor authentication were still attempting to fool followers with the Bitcoin scam.

The account takeovers appear to have subsided, but new scam tweets were posting to verified accounts on a regular basis starting shortly after 4PM ET and lasting more than two hours.
Twitter Support on Twitter: "We are aware of a security incident impacting accounts on Twitter. ..." / Twitter
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.

You may be unable to Tweet or reset your password while we review and address this incident. We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience.

Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We're working to get things back to normal as quickly as possible. Our investigation is still ongoing but here’s what we know so far:

We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it. Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers. We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this. This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do. We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.

Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.
 
Twitter CEO Jack Dorsey:
jack on Twitter: "Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right." / Twitter


Product chief Kayvon Beykpour:
Kayvon Beykpour on Twitter: "Our investigation into the security incident is still ongoing but we'll be posting updates from @TwitterSupport with more detail soon. In the meantime I just wanted to say that I'm really sorry for the disruption and frustration this incident has caused our customers." / Twitter

The origin of the scam can be traced to the moment when Musk’s account issued a mysterious tweet at 4:17PM ET reading, “I‘m feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!” The tweet also contained a bitcoin address, presumably one associated with the hacker’s crypto wallet.

The tweet was then deleted and replaced by another one more plainly laying out the fake promotion. “Feeling grateful doubling all payments sent to my BTC address! You send $1,000, I send back $2,000! Only doing this for the next 30 minutes,” it read before also getting deleted. The tweet posted to Gates’ account echoed the Musk tweets, with an identical BTC address attached. It was also deleted shortly after posting, only for a similar message to take its place a few minutes later.

Tyler Winklevoss on Twitter: "WARNING: @Gemini's twitter account, along with a number of other crypto twitter accounts, has been hacked. This has resulted in @Gemini, @ Coinbase, @Binance, and @ Coindesk, tweeting about a scam partnership with CryptoForHealth. DO NOT CLICK THE LINK! These tweets are SCAMS." / Twitter
then
Cameron Winklevoss on Twitter: "ALL MAJOR CRYPTO TWITTER ACCOUNTS HAVE BEEN COMPROMISED.
2FA / strong password was used for @Gemini account. We are investigating and hope to have more information shortly. https://t.co/X3C0uJzc6C" / Twitter
 
Twitter reveals that its own employee tools contributed to unprecedented hack - The Verge - "Twitter says hackers compromised high-profile accounts thanks to access to internal tools"
Twitter does not elaborate on what tools the attackers accessed or how exactly the attack was carried out, but Motherboard reported earlier today that various underground hacking circles have been sharing screenshots of an internal company admin tool allegedly used to conduct the account takeovers, potentially by resetting account email accounts and then recovering passwords.

In an update to its investigation on the hack, Motherboard now says it’s talked to hackers who say they paid a Twitter employee to change the email addresses of popular accounts using the internal tool so that they could then take control of them.
Hackers Convinced Twitter Employee to Help Them Hijack Accounts
"We used a rep that literally done all the work for us," one of the sources told Motherboard. The second source added they paid the Twitter insider. Motherboard granted the sources anonymity to speak candidly about a security incident. A Twitter spokesperson told Motherboard that the company is still investigating whether the employee hijacked the accounts themselves or gave hackers access to the tool.

The accounts were taken over using an internal tool at Twitter, according to the sources, as well as screenshots of the tool obtained by Motherboard. One of the screenshots shows the panel and the account of Binance; Binance is one of the accounts that hackers took over today. According to screenshots seen by Motherboard, at least some of the accounts appear to have been compromised by changing the email address associated with them using the tool.
Back to The Verge:
But as Twitter alludes to, there could very well have been ulterior motives at play beyond just a cryptocurrency scam, and political and business accounts may have had sensitive information gleaned from those private messages and other account info. Twitter will now likely face serious questions about its internal security precautions and the protections it has in place to prevent this from ever happening again or from resulting in far more catastrophic consequences in the future. It’s quite possible Twitter will find itself facing government inquiries and investigations.
 
How did they do it? Likely by force-resetting e-mail addresses and then recovering passwords.

The Verge itself tweeted about it:
The Verge on Twitter: "Joe Biden and Mike Bloomberg's accounts are now among those tweeting the Bitcoin scam https://t.co/RdZAGdWkeW" / Twitter
then
Alexandria Ocasio-Cortez on Twitter: "Reporting on this is being shared by @verge and other outlets: https://t.co/PjsVRe0jQc" / Twitter

AOC seems to be safe:
Alexandria Ocasio-Cortez on Twitter: "Hey everyone - there seems to be a large Twitter attack right now targeting large accounts.
Please be vigilant about any bitcoins scams and do NOT click on any suspicious links.
Just in case, if my account tweets any bizarre links related to cryptocurrency, do NOT click on it." / Twitter


Massive Twitter attack hits Biden, Gates, Bezos, and others
That the attack affected high-profile politicians is alarming. While there is no sign that the world’s most prominent political Twitter account—@realDonaldTrump—was compromised, it’s possible the apparent hack could have done more damage if attackers had sought to create political instability rather than simply steal funds.
 
This looks like some social-engineering job. Social engineering is a security-cracking technique where one tricks people into giving one access to important stuff. Phishing is a common form of social engineering: one claims that one's targets need to log into their accounts while giving a fake address that leads to a fake version of the login page. One uses that fake version to get passwords, and one can then log into one's targets' accounts.


KD on Twitter: "@AOC @ZerlinaMaxwell @verge Nobody finds it suspicious that so many verified accounts were hacked, including President Obama, yet Trump wasn't hacked?" / Twitter

Or other prominent Republican politicians.
 
My favorite parts are the password recovery questions. What street did you grow up on? Well, that info is known by Experian... who were hacked.

What is your mother's maiden name? Also hacked information.

First pet's name. Finally! A question that isn't known on social media or credit checks. But... my bank was hacked and so they know that too.

Presumably, all of my information is available, someone just has to want to hack me. Luckily it appears my debt to asset ratio doesn't make me susceptible.
 
> My favorite parts are the password recovery questions. What street did you grow up on? Well, that info is known by Experian... who were hacked.

It's also on the Internet.

> What is your mother's maiden name? Also hacked information.

Internet, too.

> First pet's name. Finally! A question that isn't known on social media or credit checks. But... my bank was hacked and so they know that too.

Some people might put that on social media... good you do not.

> Presumably, all of my information is available, someone just has to want to hack me. Luckily it appears my debt to asset ratio doesn't make me susceptible.

I believe you.
 
I think the greatest weakness is that you have people in too much debt (the Manaforts of America) and foreign intelligence sees this. They can take advantage of that and groom people.
 
Don't answer security questions with real information. There are two approaches I would suggest for using password recovery / secondary authentication "security questions".

One approach is to have a city, school, name, etc. that you like, that has nothing to do with you, that you always use... Rome, for example... just pick Rome as the name of whatever city they are asking about... "Johanna Street", I just made that up... but just pick something and use it - no different than picking a password that you use for certain contexts...

The other approach is to use a "security question passphrase" and then append the subject of the security question to it.
For example, pick a password... let's use "2b0rN0t2B". So then for the security question "What town were you born in?", you enter "2b0rN0t2B-Town". For "What is your mother's maiden name?", you enter "2b0rN0t2B-Name".

These are solid approaches to entering information that you may need to use in the distant future, don't want to forget, but don't want anyone to be able to guess if they have gotten more information about you than you expected possible.
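The passphrase-plus-subject scheme from the post above, in code, as an added example that is not part of the original post. It also includes a second function (my addition, not the poster's) that derives the answer with an HMAC keyed by the passphrase, so that an answer that leaks from one site's database does not reveal the passphrase or the answers used on other sites. The function names and the site label are assumptions for the example.

```python
"""Security-question answers derived from a passphrase (added example)."""
import base64
import hashlib
import hmac


def pattern_answer(passphrase: str, subject: str) -> str:
    """The post's scheme: passphrase plus the question's subject.

    pattern_answer("2b0rN0t2B", "Town") -> "2b0rN0t2B-Town"
    Easy to recompute years later; the weakness is that one leaked answer
    exposes the passphrase, and thus every other answer built from it.
    """
    return f"{passphrase}-{subject}"


# Base32 alphabet (RFC 4648) used for the derived answers: letters and digits only,
# so the result is accepted by forms that reject punctuation.
B32_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")


def derived_answer(passphrase: str, site: str, subject: str, length: int = 16) -> str:
    """Hardened variant (my addition): HMAC-SHA256 keyed by the passphrase.

    The message binds the site and the question subject, so the same
    passphrase yields a different, unrelated answer per site and per question.
    A site that stores the answer in plaintext learns only that answer; the
    passphrase cannot be recovered from it.
    """
    message = f"{site.lower()}|{subject.lower()}".encode("utf-8")
    digest = hmac.new(passphrase.encode("utf-8"), message, hashlib.sha256).digest()
    # 32-byte digest -> 52 base32 characters; keep a memorable-length prefix.
    return base64.b32encode(digest).decode("ascii").rstrip("=")[:length]


def answers_for_site(passphrase: str, site: str, subjects: list[str]) -> dict[str, str]:
    """Derive the full answer set a user would enter on one site's recovery form."""
    return {subject: derived_answer(passphrase, site, subject) for subject in subjects}


if __name__ == "__main__":
    # Constructed sample values, not anyone's real passphrase or site.
    passphrase = "2b0rN0t2B"
    print(pattern_answer(passphrase, "Town"))
    for subject, answer in answers_for_site(passphrase, "example-bank", ["Town", "Name", "Pet"]).items():
        print(f"{subject}: {answer}")
```

The derived form trades recomputability for safety: you still need only the one passphrase, but you must recompute the answer with the same site label and subject you used originally, so write down the site label and subject you chose, not the answer.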
 
Twitter hack: 17-year-old accused of masterminding bitcoin scam
  • A 17-year-old in Tampa, Florida, is accused of taking over the Twitter accounts of Elon Musk, Bill Gates, Barack Obama and numerous other celebrities to scam people into sending the teen bitcoin.
  • The teen, whose name and photo CNBC is not publishing because the teen is a minor, was arrested and charged, the office of Hillsborough County State Attorney Andrew Warren announced Friday.
  • Warren’s office has filed 30 felony charges against the 17-year-old.
...
Two adults were also charged, the Department of Justice said Friday.

Mason Sheppard, aka “Chaewon,” 19, of Bognor Regis, in the United Kingdom, was charged in a criminal complaint in the Northern District of California with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.

Nima Fazeli, aka “Rolex,” 22, of Orlando, Florida, was charged in a criminal complaint in the Northern District of California with aiding and abetting the intentional access of a protected computer.

The teen’s scam reaped more than $100,000 worth of bitcoin on July 15, according to Warren’s office.
An update on our security incident in Twitter's blog:
The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools. Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
Spear phishing is phishing directed at selected people.
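The takeover pattern described across the thread (an internal support tool used to change an account's e-mail address, followed by a password recovery; and, per Twitter's update, a small number of employee credentials used against 130 accounts) lends itself to a straightforward audit-log check on the support tool's own activity. The script below is an added example, not Twitter's tooling or code: the log format, field names, agent ids, account names and timestamps are all constructed for illustration, and the thresholds are assumptions.

```python
"""Audit-log checks for support-tool account takeovers (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log from a hypothetical account-support tool.
# Agent "s-117" changes the e-mail on three verified accounts within four
# minutes and each change is followed by a password recovery; agent "s-042"
# does one routine change on an unverified account with a recovery much later.
SAMPLE_LOG = """\
2020-07-15T20:05:10Z agent=s-042 action=email_change account=smallshop verified=false
2020-07-15T20:14:02Z agent=s-117 action=email_change account=bigexchange verified=true
2020-07-15T20:15:31Z agent=s-117 action=email_change account=famousceo verified=true
2020-07-15T20:16:04Z system=recovery action=password_reset account=bigexchange
2020-07-15T20:17:45Z agent=s-117 action=email_change account=exmayor verified=true
2020-07-15T20:18:20Z system=recovery action=password_reset account=famousceo
2020-07-15T20:19:02Z system=recovery action=password_reset account=exmayor
2020-07-15T21:40:00Z system=recovery action=password_reset account=smallshop
"""


def parse_line(line: str) -> dict:
    """Parse one 'timestamp key=value ...' line into a dict with a datetime 'ts'."""
    ts_str, *pairs = line.split()
    event = {k: v for k, v in (p.split("=", 1) for p in pairs)}
    event["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return event


def parse_log(text: str) -> list[dict]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def reset_after_email_change(events: list[dict], window: timedelta = timedelta(minutes=15)) -> list[tuple[str, str]]:
    """Flag accounts where a password reset follows a support-tool e-mail change.

    Returns (account, agent_who_changed_email) pairs. A legitimate support
    case can produce this sequence too, so the window keeps the alert tight;
    the sequence is the takeover mechanism the thread describes.
    """
    last_change: dict[str, dict] = {}
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "email_change":
            last_change[ev["account"]] = ev
        elif ev["action"] == "password_reset":
            prior = last_change.get(ev["account"])
            if prior is not None and ev["ts"] - prior["ts"] <= window:
                hits.append((ev["account"], prior["agent"]))
    return hits


def bulk_verified_changes(events: list[dict], threshold: int = 3, window: timedelta = timedelta(minutes=10)) -> list[str]:
    """Flag agents who change the e-mail on >= threshold verified accounts inside one window.

    One set of employee credentials touching many high-profile accounts in a
    short burst is the volume signal from Twitter's own account of the incident.
    """
    times_by_agent: dict[str, list[datetime]] = defaultdict(list)
    for ev in events:
        if ev["action"] == "email_change" and ev.get("verified") == "true":
            times_by_agent[ev["agent"]].append(ev["ts"])
    flagged = []
    for agent, times in times_by_agent.items():
        times.sort()
        for i in range(len(times)):
            j = i
            # Extend the window from times[i] as far as it reaches.
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            if j - i + 1 >= threshold:
                flagged.append(agent)
                break
    return flagged


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for account, agent in reset_after_email_change(events):
        print(f"ALERT reset-after-email-change account={account} agent={agent}")
    for agent in bulk_verified_changes(events):
        print(f"ALERT bulk-verified-email-changes agent={agent}")
```

Both checks read only the support tool's own audit trail, which is the one data source an insider or a phished employee cannot avoid generating; the second check is also the kind of signal that argues for requiring a second approver before an e-mail change on a verified account takes effect.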
 