Twitter VIP account hack highlights the danger of insider threats


Most companies are putting a lot of effort into making sure their network perimeters are secure against remote attacks, but they don’t pay the same level of attention to threats that might originate inside their own organizations. The attack earlier this week that resulted in the hijacking of Twitter accounts belonging to high-profile individuals and brands is the perfect example of the impact a malicious or duped insider and poor privileged access monitoring could have on businesses.

What happened in the Twitter hack?

On Wednesday, the Twitter accounts of business leaders, artists, politicians and popular brands posted messages that instructed users to send bitcoins to an address as part of a cryptocurrency scam. Impacted accounts included those of Elon Musk, Bill Gates, Jeff Bezos, Barack Obama, Joe Biden, Kanye West, Kim Kardashian, Mike Bloomberg, Uber, Apple and even Twitter’s own official support account.

Attackers often impersonate celebrities on Twitter to post similar scam messages, but those campaigns are usually done with fake accounts with few followers. In this case, the rogue messages were posted from verified accounts, which have a checkmark next to their name and whose real identity has been verified by Twitter. This gave more credibility to the scam and allowed it to instantly reach hundreds of millions of users. It’s estimated that attackers earned around $120,000 as a result.

Twitter responded by temporarily suspending the ability of all verified accounts to post new messages and immediately launched an investigation. How could attackers gain access to so many accounts at once? It was achieved by compromising one or more Twitter employees who had access to an internal tool that’s used to manage user accounts.

Some screenshots of the tool were posted on Twitter, but the company deleted them citing violations of its terms of service. The tool seems to allow Twitter employees to perform a number of privileged actions such as suspending accounts, blacklisting tweets and even changing the email addresses associated with accounts, a feature the attackers abused to take over the accounts.

Motherboard cited two of the attackers who claimed they bribed a Twitter employee for access to the control panel. Twitter, however, said the compromise was the result of “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
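As an added illustration of the privileged-access monitoring the article says was missing (example code written here, not Twitter's tool or anything from the article), the check below scans constructed audit records from a hypothetical internal account-management tool: it flags any operator who changes the email address on several distinct accounts within a short window, and lists every email change on a verified account for individual review. The record fields, operator ids, window and threshold are all assumptions.

```python
# Added example (not from the article or Twitter): a simple audit-log check
# for the kind of privileged-action abuse described above. It assumes a
# hypothetical internal tool that writes one JSON record per action.
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records from a hypothetical admin-tool audit log.
AUDIT_LOG = """
{"ts": "2020-07-15T20:01:10Z", "operator": "emp-17", "action": "change_email", "target": "brand_a", "verified": true}
{"ts": "2020-07-15T20:01:45Z", "operator": "emp-17", "action": "change_email", "target": "ceo_b", "verified": true}
{"ts": "2020-07-15T20:02:20Z", "operator": "emp-17", "action": "change_email", "target": "politician_c", "verified": true}
{"ts": "2020-07-15T20:03:05Z", "operator": "emp-17", "action": "change_email", "target": "artist_d", "verified": true}
{"ts": "2020-07-15T09:10:00Z", "operator": "emp-04", "action": "suspend_account", "target": "spam_bot_9", "verified": false}
{"ts": "2020-07-15T11:30:00Z", "operator": "emp-04", "action": "change_email", "target": "user_x", "verified": false}
"""

# Actions that let the operator take over an account outright.
SENSITIVE_ACTIONS = {"change_email"}

def parse_log(text):
    """Parse one JSON record per line and return them in time order."""
    records = [json.loads(line) for line in text.strip().splitlines()]
    for r in records:
        r["ts"] = datetime.strptime(r["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return sorted(records, key=lambda r: r["ts"])

def find_bulk_takeovers(records, window=timedelta(minutes=10), threshold=3):
    """Return {operator: [targets]} for operators who performed a sensitive
    action on >= threshold distinct accounts inside any sliding window."""
    by_operator = defaultdict(list)
    for r in records:
        if r["action"] in SENSITIVE_ACTIONS:
            by_operator[r["operator"]].append(r)
    alerts = defaultdict(set)
    for op, events in by_operator.items():
        start = 0
        for end in range(len(events)):
            # advance the window start until all events fit in the window
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            targets = {e["target"] for e in events[start:end + 1]}
            if len(targets) >= threshold:
                alerts[op] |= targets
    return {op: sorted(t) for op, t in alerts.items()}

def verified_email_changes(records):
    """Every email change on a verified account, as (operator, target) pairs."""
    return [(r["operator"], r["target"]) for r in records
            if r["action"] == "change_email" and r["verified"]]
```

With these constructed records the bulk check flags emp-17 for four verified accounts in about two minutes, while emp-04's single routine change is not flagged.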

Copyright © 2020 IDG Communications, Inc.