Twitter Hack: A Sign of More Troubles Ahead?

Some Experts Say the Platform's Security Failures Could Lead to Bigger Attacks

While the Wednesday hijacking of several high-profile and verified Twitter accounts appears to have been confined to a cryptocurrency scam, security experts are warning that the platform's security failures could lead to bigger attacks down the road.

By Thursday, the Twitter accounts affected by the hacking incident had returned to normal. Those include the accounts of Democratic presidential candidate Joe Biden, Tesla CEO Elon Musk, Microsoft founder Bill Gates and the corporate accounts of Apple, Uber and others. The affected verified accounts with their distinctive blue checkmarks could send out messages and tweets again.

Twitter said in a Wednesday statement that the incident appears related to a "coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools." But the social media giant has yet to provide further details.

In addition to Twitter's own internal investigation, the Wall Street Journal reported that both the FBI and New York State authorities are now investigating the incident as well.

Wednesday's Twitter hack is likely a one-off incident with financial gain as the goal, some security experts tell Information Security Media Group. But the fact that verified accounts of public figures were successfully manipulated indicates the stage is set for more damaging attacks.

In Wednesday’s incident, the hackers took over accounts seeking to get followers to send money. But in a future attack, "could the instructions change, and would they be followed?" asks Evan Dornbush, a former employee with the U.S. National Security Agency and now CEO of security firm Point3 Security.

Mounir Hahad, the head of Juniper Threat Labs at Juniper Networks, says hackers who take over the accounts of influential leaders could potentially cause chaos.

Bill Gates' verified Twitter account was hijacked Wednesday. (Source: SeekingAlpha)

"This is a very serious hack that could have resulted in a lot of damage in financial markets should a tweet have been attributed to a personality with influence, like the president of the United States, the Treasury secretary or the chairman of the Federal Reserve Bank," Hahad says.

Nature of Wednesday’s Incident

Troy Mursch, the chief research officer at security firm Bad Packets, notes that the Wednesday hacking incident could be something bigger "than what we saw on the surface as a bitcoin scam."

Although Saryu Nayyar, the CEO of security firm Gurucul, does not believe Wednesday's hacking incident was a trial run for a more damaging cyberattack, she says other groups could now be inspired to wage similar campaigns.

"It seems unlikely that this was itself a proof-of-concept for a more dangerous attack, but we will certainly see attackers use this technique in the future," Nayyar tells ISMG. "What their goals down the road will be is anyone's guess."

Nayyar notes that the hackers were cunning enough to use social engineering techniques and chose a proper target audience - walking a thin line between targeting those tech savvy enough to access bitcoin yet gullible enough to fall for such an obvious ploy.

"The trouble going forward is, will people believe VIP social media posts because they trust they are 'real'? That could lead to dangerous consequences socially, as well as financially, as we've just seen," Nayyar says.

The hackers behind Wednesday’s incident likely were just out to make a quick buck, says Dmitry Galov, a security researcher at Kaspersky. In fact, some 360 individuals reportedly transferred approximately $120,000 in bitcoin to the scammers within two hours of the account takeovers.

"Obviously, this attack carries some financial and reputational risks for the company,” Galov says. “However, as it appears to be a one-shot attack, we do not currently believe that it carries any extensive global ramifications.”

An Inside Job?

On Thursday, Vice Motherboard, citing sources who identified themselves as hackers who took over Twitter accounts Wednesday, reported that a Twitter employee gave hackers access to an internal tool that allowed them to hijack the verified accounts.

Twitter has had previous issues with employees who apparently gave access to outsiders. In November 2019, the U.S. Justice Department charged three men with perpetrating a campaign to infiltrate the social media company and spy on critics of the Saudi Arabian government (see: Feds Allege Saudi Spies Infiltrated Twitter).

The hijacking of verified accounts has also prompted some to question why Twitter doesn’t take more security steps for employees as well as users.

On Thursday, Sen. Ron Wyden, D-Ore., noted that Twitter CEO Jack Dorsey promised to provide end-to-end encryption for Twitter's Direct Messaging features in 2018, but it has not yet delivered on that pledge.

Dorsey has been a victim of account hijacking. In September 2019, his Twitter account was taken over for a short period and used to send out racist messages (see: Hey Jack, How Was Your Account Hacked?).


About the Author

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the GovInfoSecurity.com media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and DevOps.com.

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint at ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.
