Hackers Needed Roughly 24 Hours to Take Over High-Profile Twitter Accounts

Twitter Hack

In the July attack, hackers required approximately 24 hours to take over high-profile Twitter accounts, a New York Department of Financial Services study shows.

The attack began on July 14 and concluded the next day, when it became clear that various high-profile accounts were hacked and leveraged to facilitate a cryptocurrency scheme, including those of Bill Gates, Elon Musk, Barack Obama, and Jeff Bezos.

It was found shortly after the incident that the hackers leveraged internal Twitter networks to change email addresses and login passwords for targeted accounts and gain possession of them. They targeted a total of 130 accounts and updated the passwords for 45 of them.

Twitter announced a few weeks after the incident that the hackers targeted some workers with phone phishing before they obtained access to the account support software they wanted.

The New York Department of Financial Services, which opened a probe on July 16, reveals in a report summarising its investigation into the incident that the attack lasted about 24 hours, from when the phishing calls were placed until the intended accounts were hacked.

It was shocking how quickly hackers were able to infiltrate the network of Twitter and obtain access to internal resources that allowed them to take over the account of any Twitter user. The exceptional access gained by hackers using this basic approach highlights the cybersecurity insecurity of Twitter and the potential for catastrophic effects, the report reads.

The attack was supposedly carried out by 17-year-old Graham Ivan Clark (aka Kirk#5270), of Tampa, Florida, who is said to be the mastermind behind the crime, 19-year-old Mason John Sheppard of the United Kingdom (aka Chaewon and ‘ever so anxious#001’), and 22-year-old Nima Fazeli of Orlando, Florida (aka Rolex, Rolex#0373, and Nim F).

On the afternoon of July 14, claiming to be calling from Twitter’s IT department in response to some VPN issues (not unusual because of the widespread shift to remote working), the hackers called some employees of the social network and instructed them to enter their credentials on a phishing website. The page would also produce a bogus multi-factor authentication warning.

The Department could not find any proof that the Twitter staff helped the hackers intentionally. Instead, the hackers used sensitive information about the workers to persuade them that the callers were genuine and could thus be trusted. Although some staff reported the calls to Twitter’s internal fraud reporting unit, at least one employee accepted the lies of the hackers, the study shows.

Although the first victim did not have access to the internal infrastructure attacked, the hackers used that victim’s passwords to traverse the network and locate the workers who did. On July 15 they targeted those workers, including some of those responsible for answering sensitive global legal demands.

The hackers started discussing the sale of OG usernames shortly after acquiring the ability to take over Twitter accounts (including OG, or “original gangster”, accounts), and then began openly demonstrating their access to Twitter’s internal systems: on July 15, just before 2:00 p.m., they hacked several OG accounts and posted screenshots of an internal Twitter tool.

Next, the hackers moved on to verified accounts, possibly trying to make their cryptocurrency scam look valid, the study points out. Over the next several hours they hit the accounts of cryptocurrency trader @AngeloBTC, crypto exchange Binance, and ten other cryptocurrency-related accounts, such as Coinbase, Gemini Trust Firm, and Square, Inc.

The hackers began tweeting from verified accounts with millions of followers over the next couple of hours, including those of Apple, Uber, Bill Gates, Elon Musk, Kanye West, Kim Kardashian West, Joseph R. Biden, Jr., Warren Buffett, and Floyd Mayweather Jr.

Some of the hacked accounts were also used by the Hackers to resend the same bitcoin scam messages many times. The fake tweets hit millions of possible victims around the globe, considering the number of followers for each high-profile user account. The Hackers, via the Twitter Hack, stole around $118,000 worth of bitcoin, the report says.

The Department of Financial Services also points out in its report, which includes a graphic timeline of the incident, that some users’ non-public information was breached and that Twitter declined to publicly publish real-time reports on the incident, while the company “seriously restricted or removed the access of its staff to its internal databases” to mitigate the violation.

The study also highlights the effect of the incident on cryptocurrency-related companies and their stakeholders, dissects the flaws in cybersecurity that rendered the breach possible, and offers information on the best practices sensitive organizations can follow to stop or minimize future incidents.

The Twitter Hack has brought a social networking giant to its knees. The David to this Goliath was a gang of unsophisticated cyber crooks who manipulated social media with hundreds of millions of users to cause mass havoc. The election weeks later demonstrates the need to strengthen cybersecurity to avoid abuse of social networking channels, concludes the report.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.