Social Media

In a hack of a day for Twitter, key accounts targeted

S Ronendra Singh New Delhi | Updated on July 16, 2020 Published on July 16, 2020

Twitter said it has locked accounts that were compromised   -  REUTERS

Microblogging site still investigating ‘coordinated social engineering attack’

Even 24 hours after hackers played with prominent Twitter account holders (read, Verified), the social media giant has not been able to catch the culprits.

In his justification, Chief Executive Officer of Twitter Inc, Jack Dorsey, said: “Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”

He said the company was working hard ‘to make this right’.

Isn’t it surprising that a tech giant is still unable to find out who are the scammers or why it all happened? When contacted for more details, a spokesperson at Twitter India said they also knew only as much as available from the thread of tweets from the headquarters.

In a thread of tweets, Twitter said, “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

 

It added that it has locked accounts that were compromised and “will restore access to the original account owner only when we are certain we can do so securely.”

“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues,” it added.

Prominent accounts

The prominent, verified Twitter accounts hacked included those of Joe Biden, Elon Musk, Barack Obama, Bill Gates, and Apple. The scam tweets reportedly included catchy — if highly unlikely — messages such as “Feeling greatful” (sic), “doubling all payments made to my Bitcoin address”, urging people to pay out $1,000 and get $2,000 back. Last known, 818 users had fallen for the Bitcoin scam resulting in hackers getting $116,127.54.

Twitter has taken the unusual, but understandable, step of shutting parts of its service while it investigates, and its own support account has just tweeted that the company is “continuing to limit the ability to Tweet, reset your password, and some other account functionalities while it looks into this.”

According to cybercrime experts, this major scam flags the fact that we are living in an era when even people with computer skills might be lured into a scammer’s trap, and even the most secure accounts can be hacked.

“By our estimates, within just two hours at least 367 users have transferred around $120,000 in total to attackers. Cybersecurity is undoubtedly one of the top priorities of all major social media platforms, and they put efforts in preventing many attacks every day. However, neither website or software is entirely immune to bugs, nor is the human factor immune to mistakes. Therefore any native platforms might be compromised,” said Dmitry Bestuzhev, Cybersecurity expert at Kaspersky.

He further said that along with new attack vectors, scams combine old and effective techniques, to use a surprise element and gain people’s trust to facilitate the attack and lure victims into a trap.

Vineet Kumar, founder of Cyber Peace Foundation, said, “The verified accounts of world politicians and celebrities getting hacked is a definite surprise. It’s just these accounts would have been protected with two-step certifications and other preventive measures where regular users may take shortcuts.”

According to Paul Ducklin, Principal Research Scientist at Sophos these three simple steps can protect oneself from such attacks:

1) If a message sounds too good to be true, it ‘Is’ too good to be true. If Musk, Gates, Apple, Biden or any well-known person or company wanted to hand out huge amounts of money on a whim, they wouldn’t demand that you hand them money first.

2) Cryptocurrency transactions don’t have the legal protections that you get with banks or payment card companies. There is no fraud reporting service or transaction cancellation in the world of cryptocurrency. Sending someone cryptocoins is like handing over banknotes to in an envelope.

3) Look out for any and all signs that a message might not be real. Crooks don’t have to make spelling mistakes or get important details wrong, but often they do, like the word “greatful” in the example above.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on July 16, 2020
  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.