- How it all unfolded
- Twitter in tatters
- Possible suspects
- Previous similar incidents
Cyberattacks and security breaches continue to make headlines around the world each day. These hacks, which affect individuals and corporations alike, could result in significant damages, especially financially. In its Official Annual Cybercrime Report, Cybersecurity Ventures predicts that cybercrime will cost the world $6 trillion by 2021.
Well, hackers took a small, yet alarming step towards achieving that goal on Wednesday when they hacked Twitter accounts of prominent users to launch a Bitcoin scam. The attack harvested more than $100,000 from victims, and the manner how it was executed is unprecedented.
Never before have cybercriminals been able to breach the accounts of so many verified Twitter users. The company admitted that the attackers targeted employees who had access to internal systems and tools.
How the Twitter Bitcoin Scam Went Down?
Did you notice any strange activity from American high-profile individuals and companies on Twitter? Because on Wednesday, July 15, all these accounts were unknowingly part of a Bitcoin scam.
The attack targeted billionaires Jeff Bezos, Elon Musk, Bill Gates, Mike Bloomberg, and public figures Kanye West and Kim Kardashian. Even politicians fell victim to these hacks, including former US president Barak Obama and the current Democratic presidential candidate, Joe Biden. Corporate accounts were also a target as both Apple and Uber reported being on the receiving of the cyberattack.
Hackers were able to use these verified accounts to scam people into sending them Bitcoins, offering to double any amount of money they receive. “If you send me $1,000, I will send back $2,000,” Biden’s and Obama’s Twitter accounts said. “Only doing this for 30 minutes.”
Meanwhile, Apple “tweeted” that it supports Bitcoin and “you should too!”
“We are giving back to our community. We support Bitcoin and we believe you should too! All Bitcoin sent to our address below will be sent back to you doubled!”
Apple’s hacked Twitter account
The tweets were removed minutes after they were posted, but they had already caused a lot of damage. All these accounts have millions of followers, so it’s hard to determine how much money the attackers actually stole. But blockchain records showed that they received over $100,000 in cryptocurrency.
What Twitter Said
Minutes after the attack, Twitter immediately deleted the posts and took the drastic measure of blocking every verified account from tweeting. It also locked every compromised user, disabled certain functions, and denied password resets. It took hours before blue-ticked profiles were able to tweet again, but the company revealed that it was still fixing the problem.
Twitter went on to say that this was a coordinated attack that targeted employees with access to “internal systems and tools.” It also confirmed that these tools were consequential to execute the attack. However, the social networking service did not reveal whether one of its employees had something to do with it.
Meanwhile, Twitter CEO Jack Dorsey tweeted that they are still diagnosing what happened, adding that they will share the findings once they have a better understanding of the issue. Head of Products Kayvon Beykpour also released a public statement, saying that the investigation is still ongoing. “We’ll be posting updates from @TwitterSupport with more detail soon,” he added.
Cybersecurity Experts’ View
This isn’t the first time Twitter was a target for cyberattacks. In fact, “double your bitcoin” scams have been an ever-present threat on the platform for years. But never before have hackers been able to launch such a widespread attack. This casts further damage to the company’s reputation, especially since it failed to act promptly.
“Twitter’s response to this hack was astonishing. It’s the middle of the day in San Francisco, and it takes them five hours to get a handle on the incident.”
Dan Guido, CEO of Trail of Bits
Cybersecurity experts are questioning Twitter’s security and prowess in defending attacks. Synopsys‘s Director of Software Engineering Michael Borohovski said that hackers most likely breached the platform’s back end or service layer, rather than individual accounts. He warned that if this is true, then cyber criminals could go on a data-stealing spree, using the Bitcoin scam as a distraction.
CrowdStrike co-founder Dmitri Alperovitch echoed Borohovski’s views. He stated that it’s lucky hackers only walked away with just over $100,000, considering that Twitter victims have millions of followers. He added that the breach appears to be “the worst hack of a major social media platform yet.”
Even Twitter wasn’t certain whether scammers used the Bitcoin fraud as a decoy to harvest sensitive data. But it seems that the attackers had one goal in mind – collect as much money as possible before the tweets disappear. The FBI also released a statement saying that the scammers’ objective was probably to steal cryptocurrency.
Who Was Behind the Bitcoin Scam?
As soon as Twitter discovered the breach, it launched an investigation and sought to fix the problem. And although the perpetrators are still at large, several groups claimed responsibility for the attack.
According to the BBC, who quoted a security source, some fake tweets directed users to a website called cryptoforhealth.com. A cybercriminal used the name “Anthony Elias” and [email protected] email address to register the site. The name is most likely a wordplay to “an alias.”
cryptoforhealth is also an account on Instagram that hackers probably set up at the same time as the attack. The profile’s description read “it was us” and featured a message that said: “It was a charity attack. Your money will find its way to the right place.”
MotherBoard also carried out an investigation of its own. It revealed that several darknet circles are circulating screenshots of an internal admin tool that was supposedly responsible for the account breaches. The tool allowed hackers to reset account emails and recover passwords.
In a later update, the company said it talked to two hackers who admitted to paying a Twitter employee to change email addresses of verified users using the internal tool. As a result, they would have control over the victims’ accounts. Motherboard even shared screenshots of the tool that allegedly caused this whole mess.
Previous Twitter, Other Social Media Platform Hacks
As I mentioned earlier, this isn’t the first time cyber attackers targeted Twitter. In 2019, a hacker took over CEO Jack Dorsey’s account and used it to send insulting and racist tweets. Also, during that same year, the US government accused two Twitter employees of espionage. The suspects were reportedly spying for Saudi Arabia on dissidents who use the platform.
Other prominent individuals and corporations were also victims of hacks in 2013 and 2015. They include Donald Trump and Taylor Swift, as well as the Guardian and the Associated Press.
Also in 2013, attackers got their hands on sensitive data pertaining to more than 250,000 accounts. The information included emails, usernames, and encrypted versions of their passwords. And in 2010, investigators found that Twitter’s security vulnerabilities enabled hackers to seize 45 high-profile accounts. They included then US president Barak Obama and Fox News.
2018 was a catastrophic year for Facebook in terms of user privacy. Hackers were able to access the accounts of 50 million users and steal entry tokens and personal information. Furthermore, the company revealed that political data firm Cambridge Analytica improperly accessed 87 million accounts and collected sensitive data. Consequently, Facebook received a $5 billion fine for failing to protect consumer data from third parties.
Other minor breaches took place in 2008 and 2013, thanks to software flaws and technical glitches. They exposed millions of phone numbers, emails, and confidential birthdates.
In May 2019, the Facebook-owned messaging platform discovered a security breach that allowed attackers to install spyware via WhatsApp Calling. WhatsApp said a government spied on human rights groups using a surveillance technology that a private company developed.
Telegram
Another company that is no stranger to security breaches, Telegram came under attack from Iranian hackers in 2016. It compromised phone numbers of 15 million users, allowing cybercriminals to identify them.
LinkedIn and Tumblr
In 2012, Russian cybercriminals infiltrated Microsoft-owned LinkedIn, stole almost 6.5 million account passwords, and posted them online. Blogging platform Tumblr also suffered from a similar fate in 2013, after hackers stole data from 65 million users and shared it online.
