130 hijacked celebrity accounts, the whole picture of the unknown Twitter hack

US-based Twitter has over 330 million users worldwide. In July 2020, attackers took advantage of remote work to hijack a large number of accounts. Through fake posts, more than $118,000 in Bitcoin was stolen. Twitter had no chief information security officer at the time. The New York State Department of Financial Services, which investigated the incident, points out that there is a need for government oversight.

Thursday, November 19, 2020, 11:03 GMT

Twitter has close to 330 million monthly users worldwide, and national leaders often use it to make announcements. On July 15, 2020 (local time), Twitter suffered a large-scale takeover of accounts.

The criminal group hijacked the Twitter accounts of celebrities and popular companies and posted fraudulent messages promising to “double and return” any crypto asset (virtual currency) Bitcoin sent to a specified address. At the end of July 2020, offenders residing in Florida and the United Kingdom were named and convicted by the US Department of Justice.

The perpetrator was a boy who was 17 years old at the time, which drew scrutiny, and the chain of events is referred to as the “Twitter hack.”

On October 14, 2020, the New York State Department of Financial Services (NYDFS) released a report. According to it, more than $118,000 in Bitcoin was stolen through a series of fake posts. The criminal group broke into Twitter’s internal systems without using any sophisticated technology or new tactics; it used a tactic known as “social engineering.”

Social engineering is an old-fashioned attack tactic that extracts sensitive information by taking advantage of human psychological gaps and errors. The fact that Twitter was vulnerable to these approaches “shows that it is risky to leave voluntary cybersecurity measures to companies with socially influential infrastructure,” NYDFS points out. It then proposed that effective rules be set up by the US federal government.

Based on that report, I look back on the whole picture of the little-known Twitter hack.

Calls from someone pretending to be an IT department employee

The incident started on the afternoon of July 14, 2020. The criminal group, claiming to be from the help desk of Twitter’s IT department, called multiple employees working from home and said it was responding to a reported VPN (Virtual Private Network) connection issue. Since March 2020, Twitter, like many enterprises, had moved to remote work to stop the spread of the novel coronavirus. The criminal group was aware of this situation as well.

While on the phone with an employee, the criminal group directed them to a phishing site that looked the same as the legitimate VPN site used by Twitter and had a similar domain name. Some employees were in fact deceived. That was because Twitter staff ran into VPN connection problems on a regular basis and wanted the IT department’s help.

When an employee deceived over the phone entered login details into the phishing site, the criminal group entered the same details into Twitter’s legitimate VPN site at the same time. This caused a multi-factor authentication (MFA) notification to be sent to the employee’s smartphone. Twitter used mobile-application-based MFA at the time. When the deceived employee entered the credentials, the criminal group got past MFA as well and successfully broke into Twitter’s internal systems.
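As an added example that is not part of the original article: a defender-side check that flags hostnames in proxy logs which imitate a corporate VPN portal, the kind of similar-looking domain described above. The hostnames, the log format and names such as `LEGIT_VPN_HOST` and `BRAND` are assumptions constructed for illustration.

```python
import re

LEGIT_VPN_HOST = "vpn.acme-corp.example"  # assumed placeholder for the real VPN portal
BRAND = "acmecorp"                        # assumed brand token, separators removed
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # look-alike digits

def skeleton(host):
    """Lowercase, fold look-alike digits, then drop dots, hyphens and other non-letters."""
    return re.sub(r"[^a-z]", "", host.lower().translate(FOLD))

def edit_distance(a, b):
    """Levenshtein distance computed with one rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify(host):
    """Return a reason string if host imitates the VPN portal, else None."""
    if host.lower() == LEGIT_VPN_HOST:
        return None
    s, legit = skeleton(host), skeleton(LEGIT_VPN_HOST)
    if s == legit:
        return "homoglyph-or-separator-variant"
    if edit_distance(s, legit) <= 2:
        return "near-miss-spelling"
    if BRAND in s and "vpn" in s:
        return "brand-plus-vpn-keyword"
    return None

def scan(log_lines):
    """Return (user, host, reason) for each proxy log line that hits a lookalike."""
    hits = []
    for line in log_lines:
        m = re.search(r"user=(\S+) host=(\S+)", line)
        if m and (reason := classify(m.group(2))):
            hits.append((m.group(1), m.group(2), reason))
    return hits

# Constructed proxy log lines (not real data).
SAMPLE_LOG = [
    "t=09:01:12 user=emp1 host=vpn.acme-corp.example",
    "t=09:03:40 user=emp2 host=vpn.acme-c0rp.example",
    "t=09:05:02 user=emp3 host=acmecorp-vpn-help.example",
    "t=09:06:17 user=emp4 host=vpn.amce-corp.example",
    "t=09:07:55 user=emp5 host=www.acme-corp.example",
]
print(scan(SAMPLE_LOG))
```

A hit during a reported "IT help desk" call is a cue to check whether the same user's VPN login and MFA approval followed within minutes.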

According to the NYDFS report, the criminal group appears to have conducted preliminary research, identifying not only the home addresses and mobile phone numbers that Twitter employees had posted on social networking services (SNS), but also their work, internal positions and titles. It is likely that, while leading an employee to the phishing site by phone, the group was also drawing out information about internal operations through conversation.

Twitter has an internal tool for managing Twitter accounts that is open only to a limited number of staff. It handles the e-mail addresses and phone numbers associated with accounts, login IP addresses and so on, and can change e-mail addresses, reset passwords, and allow user-requested multi-factor authentication. It can also restrict individual accounts and tweets in response to requests from countries that prohibit content violating their laws, or block content that violates Twitter’s Terms of Service.

The account of the employee whom the criminal group first deceived had no access to this internal tool. However, the group used that account to examine the in-house information systems in depth. It is said to have gained knowledge of the intranet, including how to reach other tools.

The next day, July 15, the criminal group targeted another employee who had access to the internal management tool. The targeted personnel also included staff who handle sensitive legal matters such as court orders and content removal requests. Up to this point, this was only the first stage of the criminal group’s attack.